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Description 

BACKGROUND OF THE INVENTION 

(1) Field of the Invention 

[0001 ] The present invention relates to a semiconduc- 
tor memory card for storing digital contents, and a data 
reading apparatus for reading out the digital contents 
from the semiconductor memory card. More particularly, 
the present invention relates to a semiconductor mem- 
ory card and a data reading apparatus suitable for cop- 
yright protection of digital contents. 

(2) Description of the Prior Art 

[0002] The multimedia network technology has devel- 
oped to the extent that digital contents such as music 
contents are distributed via a communication network 
such as the Internet. This makes it possible to access a 
variety of music or the like provided from around the 
world at home. For example, a music content can be 
downloaded into a personal computer (hereafter re- 
ferred to as PC), then stored In a semiconductor mem- 
ory card loaded into the PC, Also, the semiconductor 
memory card can be removed from the PC and can be 
loaded into a portable music player. This enables one 
to listen to the music while walking. The semiconductor 
memory cards are compact and lightweight cards con- 
taining a semiconductor memory (e.g., a flash memory) 
being nonvolatile and having a targe storage capacity. 
[0003] In such a music distribution, the digital con- 
tents to be stored In the semiconductor memory card 
need to be encrypted beforehand using a key or the like 
to prevent unauthorized copying of the digital contents. 
Also, an arrangement is required so that file manage- 
ment software programs, many of which are standard 
equipments on commercial PCs, cannot copy the digital 
contents to other storage mediums. 
[0004] In one possible method for preventing unau- 
thorized copying, oniy dedicated software programs are 
allowed to access the semiconductor memory card. For 
example, when an authentication process between a 
PC and a semiconductor memory card has completed 
affirmatively, a PC is allowed to access the semiconduc- 
tor memory card; and when the authentication process 
has not completed affirmatively due to the lack of a ded- 
icated software program, the PC is not allowed to ac- 
cess the semiconductor memory card. 
[0005] However, in the above method in which PCs 
should always have a dedicated software program to ac- 
cess the semiconductor memory card, free data ex- 
change with users via the semiconductor memory card 
is not available. As a result, the above method loses a 
merit of conventional semiconductor memory cards, 
namely, a merit that file management software pro- 
grams being standard equipments on commercial PCs 
can be used to access the semiconductor memory card. 



[0006] Semiconductor memory cards that can oniy be 
accessed through dedicated software programs are su- 
perior as storage mediums for storing digital contents 
since such semiconductor memory cards function to 
s protect copyright of the digital contents. However, the 
semiconductor memory cards have a problem that they 
cannot be used as auxiliary storage apparatuses in gen- 
eral-purpose computer systems. 

10 SUMMARY OF THE INVENTION 

[0007] It is therefore an object of the present invention 
to provide a semiconductor memory card that can be 
used as a storage medium for storing digital contents 
and as a storage medium for storing general-purpose 
computer data (not an object of copyright protection), 
and to provide an apparatus for reading data from the 
storage medium. 

[0008] The above object is fulfilled by a semiconduc- 
tor memory card that can be used/removed In/from an 
electronic device, comprising: a rewritable nonvolatile 
memory; and a control circuit which controls accesses 
by the electronic device to an authentication area and a 
non-authentication area in the rewritable nonvolatile 
memory, wherein the control circuit includes: a non-au- 
thentication area access control unit which controls ac- 
cesses by the electronic device to the non-authentica- 
tion area; an authentication unit which performs an au- 
thentication process to check whether the electronic de- 
vice is proper, and affirmatively authenticates the elec- 
tronic device when the electronic device is proper; and 
an authentication area access control unit which permits 
the electronic device to access the authentication area 
oniy when the authentication unit affirmatively authenti- 
cates the electronic device. 

[0009] With the above construction , the data being an 
object of copyright protection can be stored in the au- 
thentication area and other data can be stored in the 
non-authentication area, which makes it possible to 
achieve such a semiconductor memory card as can 
store both digital contents to be copyright-protected and 
other data together. 

[001 0] In the above semiconductor memory card , the 
authentication unit may generate a key reflecting a re- 
sult of the authentication process, and the authentica- 
tion area access control unit decrypts an encrypted in- 
struction using the key generated by the authentication 
unit, and controls accesses by the electronic device to 
the authentication area in accordance with the decrypt- 
ed instruction, the encrypted instruction being sent from 
the electronic device. 

[0011] With the above construction, even if the com- 
munication between the semiconductor memory card 
and an electronic device is tapped, the instruction to ac- 
cess the authentication area has been encrypted, re- 
flecting the result of the preceding authentication. Ac- 
cordingly such a semiconductor memory card has a re- 
liable function to protect the authentication area from be- 
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ing unlawfully accessed. 

[001 2] In the above semiconductor memory card,the 
authentication unit may perform a challenge-response 
type mutual authentication with the electronic device, 
and generates the key from challenge data and re- 
sponse data, the challenge data being sent to the elec- 
tronic device to check whether the electronic device is 
proper, and the response data being generated to show 
the authentication unit is proper. 
[001 3] With the above construction, the key is shared 
by the semiconductor memory card and the electronic 
device only when both devices affirmatively authenti- 
cate each other. Furthermore, the key changes for each 
authentication. This enhances the security of the au- 
thentication area since the authentication area cannot 
be accessed without using the key. 
[001 4] In the above semiconductor memory card, the 
encrypted instruction sent from the electronic device 
may include a tag field and an address field, the tag field 
not having been encrypted and specifying a type of an 
access to the authentication area, the address field hav- 
ing been encrypted and specifying an address of an ar- 
ea to be accessed, wherein the authentication area ac- 
cess control unit decrypts the address field using the 
key, and controls accesses by the electronic device to 
the authentication area so that an access of the type 
specified in the tag field is made to the area indicated 
by the address in the decrypted address field. 
[001 5] With the above construction, only the address 
field of the instruction is encrypted. This facilitates the 
decryption and the decoding of the instruction by the 
semiconductor memory card which receives the instruc- 
tion. 

[0016] The above semiconductor memory card may 
further comprise: an identification data storage circuit 
which prestores Identification data which is unique to the 
semiconductor memory card and enables the semicon- 
ductor memory card to be discriminated from other sem- 
iconductor memory cards, wherein the authentication 
unit performs a mutual authentication with the electronic 
device using the identification data stored in the identi- 
fication data storage circuit, and generates the key from 
the identification data. 

[001 7] With the above construction, in the mutual au- 
thentication process, data unique to each semiconduc- 
tor memory card is exchanged. This keeps a superior 
level security against unlawful decoding of the mutual 
authentication. 

[001 S] The above semiconductor memory card may 
further comprise: an area resizing circuit which resizes 
the authentication area and the non-authentication ar- 
ea. 

[001 9] With the above construction, the semiconduc- 
tor memory card can be used dynamically. That is, the 
semiconductor memory card can be used mainly as a 
record medium for digital contents and can be used as 
an auxiliary storage apparatus in a commuter system. 
[0020] In the above semiconductor memory card, the 



authentication area and the non-authentication area 
may be produced by dividing a continuous area of a pre- 
determined size in the rewritable nonvolatile memory in- 
to two, and the area resizing circuit resizes the authen- 

5 tication area and the non-authentication area by chang- 
ing an address marking a boundary between the au- 
thentication area and the non-authentication area. 
[0021 ] With the above construction, the size of the au- 
thentication and non-authentication areas can be 

to changed only by moving the boundary. This reduces the 
circuit size. 

[0022] In the above semiconductor memory card, the 
area resizing circuit may include: an authentication area 
conversion table which shows correspondence be- 
tween logical addresses and physical addresses in the 
authentication area; a non-authentication area conver- 
sion table which shows correspondence between logi- 
cal addresses and physical addresses in the non-au- 
thentication area; and a conversion table change unit 

20 which changes contents of the authentication area con- 
version table and the non-authentlcatlon area conver- 
sion table in accordance with an instruction from the 
electronic device, wherein the authentication area ac- 
cess control unit controls accesses by the electronic de- 

25 vice to the authentication area by referring to the au- 
thentication area conversion table, and the non-authen- 
tication area access control unit controls accesses by 
the electronic device to the non-authentication area by 
referring to the non-authentication area conversion ta- 

30 ble. 

[0023] With the above construction, it is possible to 
separately manage the authentication area and the non- 
authentication area in terms of the area size and rela- 
tionships between the logical addresses and physical 
35 addresses since conversion tabtes for these areas are 
independently operated. 

[0024] In the above semiconductor memory card, an 
area addressed with higher physical addresses and an 
area addressed with lower physical addresses both con- 

40 stituting the area having the predetermined size may be 
respectively allocated to the authentication area and the 
non-authentication area, the non-authentication area 
conversion table shows correspondence between logi- 
cal addresses arranged in ascending order and physical 

45 addresses arranged in ascending order, and the authen- 
tication area conversion table shows correspondence 
between logical addresses arranged in ascending order 
and physical addresses arranged in descending order. 
[0025] With the above construction which enables the 

so logical addresses to be used in ascending order, the ar- 
ea size can be changed easily since the probability of 
use of an area around the boundary between the au- 
thentication area and the non-authentication area be- 
comes low. This also lowers the probability of occur- 

55 rence of data saving or moving which is required to 
move the boundary, resulting In a simplified area size 
change. 

[0026] The above semiconductor memory card may 
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further comprise: a read-only memory circuit which 
prestores data. 

[0027] With the above* construction, the function of 
copyright protection is enhanced by storing identifica- 
tion data of the semiconductor memory card in the ded- 
icated memory and storing the digital contents depend- 
ing on the results of identification based on the identifi- 
cation data. 

[0028] In the above semiconductor memory card, 
each of the authentication area and the non-authentica- 
tion area may include: a read/write storage area from/ 
to which the electronic device can read/write data; and 
a read-only storage area from which the electronic de- 
vice can read data but to which the electronic device 
cannot write data, the control circuit further includes: a 
random number generator which generates a random 
number each time the electronic device writes data to 
the rewritable nonvolatile memory, and each of the au- 
thentication area access control unit and the non-au- 
thentication area access control unit encrypts data using 
the random number, writes the encrypted data to the 
read/write storage area, and writes the random number 
to the read-only storage area. 

[0029] With the above construction, unlawful attempts 
such as tampering of the read/write storage area can be 
detected by checking the compatibility with the random 
number stored in the read-only storage area. This en- 
hances the safety of data writing. 
[0030] In the above semiconductor memory card, the 
control circuit further may include: a conversion table 
which shows correspondence between logical address- 
es and physical addresses in each of the authentication 
area and the non-authentication area; and a conversion 
tabie change circuit which changes contents of the con- 
version table in accordance with an instruction from the 
electronic device, and the authentication area access 
control unit and the non-authentication area access con- 
trol unit control accesses by the electronic device to the 
authentication area and the non-authentication area, re- 
spectively, by referring to the conversion table. 
[0031] With the above construction, even if the plural- 
ity of logical blocks constituting the same file are frag- 
mented, they can be easily changed to become logically 
successive. This increases the speed of accessing the 
same file. 

[0032] In the above semiconductor memory card, the 
control circuit may further include: an encryption/de- 
cryption unit which encrypts data to be written to the au- 
thentication area and the non-authentication area and 
decrypts data read out from the authentication area and 
the non-authentication area. 

[0033] With the above construction, it is possible to 
defend the authentication area and the non -authentica- 
tion area against unlawful attacks such as destroying 
the semiconductor memory card and directly reading 
the contents of these areas. 

[0034] In the above semiconductor memory card, the 
nonvolatile memory may be a flash memory, and the 



control circuit further includes: a not-deleted list read 
unit which, in accordance with an instruction from the 
electronic device, identifies not-deleted areas in the au- 
thentication area and the non-authentication area, and 
5 sends information indicating the not-deleted areas to the 
electronic device. 

[0035] With the above construction, the electronic de- 
vice can identify not-deleted areas and deiete the iden- 
tified not-deleted areas before the flash memory is re- 

10 written. This increases the speed of the rewriting. 
[0036] In the above semiconductor memory card, the 
authentication unit may request a user of the electronic 
device to input a user key, which is Information unique 
to the user, during the authentication process, and the 

'5 control circuit further includes: a user key storage unit 
which stores the user key; an identification information 
storage unit which stores a piece of identification infor- 
mation identifying an electronic device that has been af- 
firmatively authenticated by the authentication unit; and 

20 a user key request prohibition unit which obtains a piece 
of identification information from a target electronic de- 
vice after the authentication unit starts the authentica- 
tion process, checks whether the piece of identification 
information obtained from the target electronic device 
has already been stored in the identification information 
storage unit, and prohibits the authentication unit from 
requesting a user of the electronic device to input a user 
key when the piece of identification information obtained 
from the target electronic device has already been 

30 stored In the identification information storage unit. 
[0037] With the above construction , the user need not 
input a password or personal data each time the user 
accesses the semiconductor memory card. This pre- 
vents the occurrence of unlawful tapping and using of 

35 the personal data. 

[0038] The above object is also fulfilled by a data 
reading apparatus for reading out a digital content from 
the above semiconductor memory card, the digital con- 
tent having been stored in the non-authentication area 

^o of the semiconductor memory card, and information in- 
dicating the number of times the digital content can be 
read out being prestored in the authentication area, the 
data reading apparatus comprising: a judgement means 
for, when the digital content is to be read out from the 

45 non-authentication area, reading out the information in- 
dicating the number of times the digital content can be 
read out from the authentication area, and judging 
whether the digital content can be read out based on the 
number of times indicated in the information; and a re- 

50 production means for reading out the digital content 
from the non -authentication area only when the judge- 
ment means judges that the digital content can be read 
out, and reducing the number of times the digital content 
can be read out in the information stored in the authen- 

55 tication area. 

[0039] With the above construction, it is possible to 
limit the number of times the digital content is read out 
from the semiconductor memory card. This enables the 
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present invention to be applied to chargeable, rental mu- 
sic contents. 

[0040] The above object Is also fulfilled by a data 
reading apparatus for reading out a digital content from 
the above semiconductor memory card and reproducing 
the read-out digital content as an analog signal, the dig- 
ital content, which can be reproduced as an analog sig- 
nal, having been stored in the non-authentication area 
of the semiconductor memory card, and information in- 
dicating the number of times the digital content can be 
digitally output by the electronic device having been 
stored in the authentication area, the data reading ap- 
paratus comprising: a reproduction means for reading 
out the digitai content from the non-authentication area 
and reproducing the read-out digital content as an ana- 
log signal; a judgement means for reading out the infor- 
mation indicating the number of times the digitai content 
can be digitally output by the electronic device, and judg- 
ing whether the digital content can be digitally output 
based on the number of times indicated in the informa- 
tion; and a digital output means for digitally outputting 
the digital content only when the Judgement means judg- 
es that the digital content can be digitally output, and 
reducing the number of times the digital content can be 
digitally output in the information stored in the authenti- 
cation area. 

[0041] With the above construction, it is possible to 
limit the number of times the digital content is digitally 
copied from the semiconductor memory card. This pro- 
vides a copyright protection detailed with caution and 
attentiveness as intended by the copyright owner. 
[0042] As described above, the present invention is a 
semiconductor memory card functioning with flexibility 
both as a record medium for storing digital contents and 
an auxiliary storage apparatus of a computer. The 
present invention especially secures healthy distribution 
of digital contents for electronic music distribution. This 
is practically valuable. 

BRIEF DESCRIPTION OF THE DRAWINGS 

[0043] These and other objects, advantages and fea- 
tures of the invention will become apparent from the fol- 
lowing description thereof taken in conjunction with the 
accompanying drawings which illustrate a specific em- 
bodiment of the invention. In the drawings: 

FIG. 1 shows the appearance of a PC which is an 
embodiment of the present invention and is related 
to an electronic music distribution, and shows the 
appearance of a semiconductor memory card which 
can be loaded into and removed from the PC; 
FIG. 2 shows the appearance of a portable player 
for which the semiconductor memory card is used 
as a record medium; 

FIG. 3 is a block diagram showing the hardware 
construction of the PC; 

FIG. 4 is a block diagram showing the hardware 



construction of the player; 

FIG. 5 shows the appearance and hardware con- 
struction of the semiconductor memory card; 
FIG. 6 shows various storage areas in the semicon- 
5 ductor memory card which can be recognized by 
the PC and the player; 

FIGs. 7A, 7B, and 7C show limitations and com- 
mand formats when the PC or the player accesses 
an area in the semiconductor memory card, where 

10 FIG. 7A shows rules to be followed for accessing 
each area, FIG. 7B shows rules to be followed for 
changing the size of each area, and FIG. 7C is a 
schematic representation of areas in the semicon- 
ductor memory card; 

is FIG. 8 is a flowchart showing a procedure in which 
the PC (or the player) writes a musks content or the 
like to the semiconductor memory card; 
FIG. 9 is a flowchart showing a procedure in which 
a music content or the like is read out from the sem- 

20 {conductor memory card and played by the player 
(or the PC); 

FIG. 10 is a flowchart showing the operation in 
which the player (or the PC) handles the number of 
read-outs stored in the authentication area In the 

23 semiconductor memory card; 

FIG. 11 is a flowchart showing the operation in 
which the player (or the PC) handles the number of 
permitted digital outputs stored in the authentication 
area in the semiconductor memory card; 

30 FIG. 12 shows a data structure wh ich is common to 
the authentication and non-authentication areas of 
the semiconductor memory card, and also shows a 
flowchart of the reading/writing process corre- 
sponding to the data structure; 

3$ FIGs. 1 3A to 1 3D show a change in the relationship 
between the logical addresses and physical ad- 
dresses, where FIG. 13A shows the relationship be- 
fore the change, FIG. 13B shows the relationship 
after the change, FIG. 1 3C shows a conversion ta- 

40 ble corresponding to FIG. A, and FIG. 13D shows 
a conversion table corresponding to FIG. B; 
FIGs. 1 4A to 1 4D show functions related to not-de- 
teted blocks in the semiconductor memory card, 
where FIG. 14A shows the uee state of logical and 

45 physical blocks and physical blocks, FIG. 14B 
shows the not-deleted block list corresponding to 
the use state of the blocks shown in FiG. 14A, FIG, 
14C is a flowchart showing the procedure of the PC 
or the player for deleting blocks beforehand using 

so the not-deleted block list command and the delete 
command, and FIG. 14D is a table showing the use 
state of the logical blocks; 
FIG. 1 5 shows a communication sequence in an au- 
thentication between the player and the semicon- 

55 ductor memory card and aiso shows main compo- 
nents used in the authentication; 
FiG. 1 6 shows a communication sequence in a var- 
iation of the authentication of the present invention 
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between the memory card and an external device; 
FIG. 1 7 shows a communication sequence in a de- 
tailed procedure of the mutual authentication shown 
in FIG. 16; 

FIGs. 1 8A to 1 8C show the state before the bound- 
ary between the authentication and non-authentica- 
tion areas of the semiconductor memory card is 
changed, where FIG. 18A is a memory map show- 
ing the construction of the physical blocks in the 
flash memory, FIG. 18B shows a conversion table 
dedicated to the non-authentication area, and FIG. 
1 8C shows a conversion table dedicated to the au- 
thentication area; and 

FIGs. 1 9A to 1 9C show the state after the boundary 
between the authentication and non-authentication 
areas of the semiconductor memory card is 
changed, where FIG. 19A is a memory map show- 
ing the construction of the physical blocks in the 
flash memory, FIG. 19B shows a conversion table 
dedicated to the non-authentication area, and FIG. 
19C shows a conversion table dedicated to the au- 
thentication area. 

DESCRIPTION OF THE PREFERRED 
EMBODIMENTS 

[0044] An embodiment of the present invention will be 
described with reference to the drawings. 
[0045] FIG. 1 is a schematic representation of a PC 
which downloads digital contents such as music con- 
tents via a communication network, and a semiconduc- 
tor memory card (hereafter referred to as memory card) 
which can be loaded into and removed from the PC. 
[0046] A PC 1 02 Includes a display 103, a keyboard 
104, and speakers 106, and is connected to a commu- 
nication line 101 via a modem embedded in the PC 1 02. 
A memory card writer 107 has been inserted into a card 
slot (a memory card writer insertion slot 105) of the PC 
1 02. The memory card writer insertion slot 1 05 is based 
on PCMCIA (Personal Computer Memory Card Interna- 
tional Association) standards or the like. The memory 
card writer 1 07 is an adaptor which electrically connects 
the PC 1 02 and a memory card 109. The memory card 
109 is inserted into a memory card insertion slot 108 of 
the memory card writer 107. 

[0047] The user obtains music data from a contents 
provider on the Internet using the above system and the 
following procedure. 

[0048] First, the user downloads a desired music con- 
tent into a hard disk in the PC 1 02 via the communication 
line 101. However, since the music content has been 
encrypted, the user is required to execute a certain pro- 
cedure to play the obtained music content on the PC 
102. 

[0049] To play the obtained music content, the user 
needs to pay the charge to the contents provider using 
a credit card or the like beforehand. When the user pays 
the charge, the user receives a password and rights in- 



formation from the contents provider. The password is 
a key used by the user to decrypt the encrypted music 
content. The rights information shows various condi- 
tions in which the user is allowed to play the content on 
s the PC, such as the number of permitted plays, the 
number of permitted writings to the memory card, an ex- 
piration date indicating a period permitted for the user 
to play the content. 

[0050] After having obtained the password and the 
10 rights information, the user, when intending to output the 
music from the speakers 106 of the PC 1 02, inputs the 
password through the keyboard 1 04 to the PC 1 02 while 
a dedicated application program (hereafter referred to 
as application) having a copyright protection function is 
is running on the PC 1 02. The application then checks the 
rights Information, decrypts the encrypted music content 
using the password, plays the decrypted music content 
to output the sounds from the speakers 106. 
[0051] When the rights information indicates that the 
content is permitted to be written to the memory card, 
the application can write the encrypted music data, 
password, and rights information to the memory card 
109. 

[0052] FIG. 2 is a schematic representation of a port- 
able copy/play apparatus (hereafter referred to as play- 
er) 201 for which the memory card 109 is used as a 
record medium. 

[0053] On the upper surface of the player 201 , a liquid 
crystal display unit 202 and operation buttons 203 are 
formed. On the front side of the player 201 , a memory 
card insertion slot 206 and a communication port 213 
are formed, where the memory card 1 09 is inserted Into 
the memory card Insertion slot 206, and the communi- 
cation port 213 is achieved by USB (Universal Serial 
Bus) or the like and connects to the PC 102. On a side 
of the player 201 , an analog output terminal 204, a digital 
output terminal 205, and an analog input terminal 223 
are formed. 

[0054] The player 201, after the memory card 109 
storing music data, a password, and rights information 
is loaded into the player 201 , checks the rights informa- 
tion. When the music is permitted to be played, the play- 
er 201 reads out the music data, decrypts the read-out 
music data, converts the decrypted music content into 
an analog signal, and outputs the sounds of the analog 
signal through headphones 208 connected to the ana- 
log output terminal 204. Alternatively, the player 201 out- 
puts digital data of the music data to the digital output 
terminal 205. 

[0055] The player 201 can also convert an analog au- 
dio signal, which is input to the player 201 through a 
microphone or the like then the analog input terminal 
223, into digital data and stores the digital data in the 
memory card 109. The player 201 can also download 
music data, a password, and rights Information from the 
PC 102 via the communication port 213 and record the 
downloaded information to the memory card 109. That 
is to say, the player 201 can replace the PC 1 02 and the 
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memory card writer 1 07 shown in FIG. 1 in terms of re- 
cording the music data on to the memory card 109 and 
playing the music data recorded on the memory card 
109. 

[0056] FIG. 3 is a block diagram showing the hard- 
ware construction of PC 102. 

[0057] The PC 102 includes a CPU 110, a ROM 111 
prestoring a device key 111a and a control program 
1 1 1 b, a RAM 1 1 2, the display 1 03, a communication port 
113 including a modem port used for connection to the 
communication line 101 and an USB used for connec- 
tion to the player 201 , the keyboard 104, an internal bus 
1 1 4, the memory card writer 1 07 connecting the memory 
card 109 and the internal bus 214, a descrambler 117 
for descrambling the encrypted music data read out 
from the memory card 109, an AAC decoder 118 con- 
forming to MPEG2-AAC (IS013818-7) standard for de- 
coding the descrambled music data, a D/A converter 
119 for converting the decoded digital music data into 
an analog audio signal, the speakers 106, and a hard 
disk 120 storing a file management software program 
and an application. 

[0058] The PC 102 can perform the following: 

(1 ) use the memory card 1 09 as an auxiliary storage 
apparatus having an independent file system (e.g., 
IS09293) as hard disks have by executing the file 
management software program stored in the hard 
disk 120, 

(2) download music contents or the like from the 
communication line 101 via the modem port of the 
communication port 1 1 3 by executing the dedicated 
application stored In the hard disk 120, 

(3) store the music contents or the tike in the mem- 
ory card 109 after a mutual authentication, and 

(4) read out the music contents or the like from the 
memory card 1 09 and output the read-out contents 
to the speakers 1 06 for playing. 

[0059] The device key 1 1 1 a stored in the ROM 1 1 1 is 
a secret key unique to the PC 102 and is, as will be de- 
scribed later, used for the mutual authentication or the 
like. 

[0060] FIG. 4 is a block diagram showing the hard- 
ware construction of the player 201 . 
[0061] The player 201 includes a CPU 210, a ROM 
21 1 prestoring a device key 21 1 a and a control program 
211b, a RAM 212, a liquid crystal display unit 203, a 
communication port 21 3 achieved by an USB or the like 
used for connection to the PC 102, operation buttons 
202, an internal bus 21 4, a card l/F unit 31S connecting 
the memory card 109 and the Internal bus 214, an au- 
thentication circuit 216 for executing a mutual authenti- 
cation with the memory card 1 09, a descrambler 21 7 for 
descrambling the encrypted music data read out from 
the memory card 109, an AAC decoder 218 conforming 
to MPEG2-AAC (IS013818-7) standard for decoding 
the descrambled music data, a D/A converter 219 for 



converting the decoded digital music data into an analog 
audio signal, speakers 224, an A/D converter 221 for 
converting an analog audio signal input from the analog 
input terminal 223 into digital music data, an AAC en- 

5 coder 220 conforming to MPEG2-AAC (IS013818-7) 
standard for encoding the digital music data, a scram- 
bler 222 for scrambling the encoded music data, an an- 
alog output terminal 204, a digital output terminal 205, 
and an analog input terminal 223. 

io [0062] The player 201 loads the control program 211b 
from the ROM 211 into the RAM 212 to allow the CPU 
21 0 to execute the control program 21 1 b. By doing this, 
the player 201 can read out music contents from the 
memory card 109, play and output the read-out music 

is contents to the speakers 224 and can also store music 
contents input via the analog input terminal 223 and 
communication port 21 3 into the memory card 1 09. That 
is to say, the user can use the player 201 not only for 
copying and playing music personally as with ordinary 

20 players, but also for copying and playing such music 
contents (protected by copyright) as are distributed by 
an electronic music distribution system and downloaded 
bythePC102. 

[0063] FIG. 5 shows the appearance and hardware 

25 construction of the memory card 1 09, 

[0064] The memory card 109 contains a rewritable 
nonvolatile memory to which data can be written repeat- 
edly. The rewritable nonvolatile memory has capacity of 
64MB, and is driven by power supply voltage of 3.3V 

so and a clock signal supplied from external sources. The 
memory card 109 is a 2.1mm-thick, 24mm-wide, and 
32mm-deep rectangular parallelopfped. The memory 
card 109 is provided with a wrlte-protect switch on its 
side, and is electrically connected to an external appa- 

33 ratus via a 9-pin connection terminal formed at an end 
of the memory card 1 09. 

[0065] The memory card 1 09 contains three IC chips : 
a control IC 302, a flash memory 303, and a ROM 304. 
[0066] The flash memory 303 is a flash-erasable, re- 

40 writable nonvolatile memory of a block deletion type, 
and includes logical storage areas: an authentication ar- 
ea 332 and a non-authentication area 331 . The authen- 
tication area 332 can be accessed only by the appara- 
tuses that have been authenticated as proper appara- 

45 tuses. The non-authentication area 331 can be ac- 
cessed by any apparatuses whether they are authenti- 
cated or not. In the present embodiment, the authenti- 
cation area 332 is used for storing important data related 
to copyright protection, and the non-authentication area 

so 331 is used as an auxiliary storage apparatus in a typical 
computer system. Note that a certain address in the 
flash memory 303 is used as a boundary between these 
two storage areas. 

[0067] The ROM 304 Includes a storage area which 
53 is a read-only area and is called special area. The spe- 
cial area prestores information including: a medium ID 
341 which Is an identifier of the memory card 109; and 
a maker name 342 which indicates the name of the man- 
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ufacture of the memory card 109. Note that the medium 
ID 341 is unique to the memory card 109 and discrimi- 
nates the memory card 1 09 from the other semiconduc- 
tor memory cards and that the medium ID 341 is used 
for the mutual authentication between apparatuses and 
used for preventing an unauthorized access to the au- 
thentication area 332. 

[0068] The control IC 302 is a control circuit com- 
posed of active elements (logic gates and the like), and 
includes an authentication unit 321 , a command judge- 
ment control unit 322, a master key storage unit 323, a 
special area access control unit 324, an authentication 
area access control unit 325, a non-authentication area 
access control unit 326, and an encryption/decryption 
circuit 327. 

[0069] The authentication unit 321 is a circuitthat per- 
forms a challenge-response-type mutual authentication 
with a remote apparatus attempting to access the mem- 
ory card 109. The authentication unit321 Includes a ran- 
dom number generator and an encryption unit, and au- 
thenticate the remote apparatus as a proper one when 
having confirmed that the remote apparatus has the 
same encryption unit as the local apparatus. Note that 
in the chalienge-response-type mutual authentication, 
both two apparatuses in communication perform the fol- 
lowing: the local apparatus first sends challenge data to 
the remote apparatus, the remote apparatus in return 
generates response data by processing the received 
challenge data for certifying the propemess of the re- 
mote apparatus and sends the generated response data 
to the local apparatus, and the local apparatus judges 
whether the remote apparatus Is proper by comparing 
the challenge data with the response data. 
[0070] The command judgement control unit 322 is a 
controller composed of a decoding circuit and a control 
circuit. The decoding circuit identifies a command (an 
instruction to the memory card 1 09) input via a com- 
mand pin and execute the identified command. The 
command judgement control unit 322 controls the com- 
ponents 321 to 327 In accordance with the received 
commands. 

[0071] The commands received by the command 
judgement control unit 322 includes not only commands 
to read, write, and delete data from/into the flash mem- 
ory 303, but commands to control the flash memory 303 
(commands related to an address space, not-deleted 
data, etc.). 

[0072] For example, in relation to reading/writing da- 
ta, the SecureRead address count command and the 
SeeureWrite address count command are defined as 
commands for accessing the authentication area 332, 
and the Read address count command and the Write 
address count command are defined as commands for 
accessing the non-authentication area 331 . In the above 
commands, "address" is a serial number of the first sec- 
tor of a sequence of sectors from/on which data is read 
or written by the command. "Count* is the total number 
of sectors from/on which data is read or written by the 



command. "Sector" is a unit representing the amount of 
data read orwritten from/to the memory card 109. In the 
present embodiment, one sector is 512 bytes. 
[0073] The master key storage unit 323 prestores a 
s master key 323a which is used by the remote apparatus 
during the mutual authentication and is used to protect 
data in the flash memory 303. 

[0074] The special area access control unit 324 is a 
circuit for reading out information such as the medium 
io id 341 from the special area (ROM) 304. 

[0075] The authentication area access control unit 

325 and the non-authentication area access control unit 

326 are circuits for reading/writing data from/to the au- 
thentication area 332 and the non-authentication area 

13 331 , respectively. Each of the units 325 and 326 sends/ 
receives data to/from external apparatuses (the PC 1 02, 
the player 201 , etc.) via four data pins. 
[0076] It should be noted here that the access control 
unrts 325 and 326 each contains a buffer memory as 

so large as one block (32 sectors, or 1 6K bytes), and logi- 
cally, inputs/outputs data in units of sectors to/from the 
area 332 or 331 in response to a command issued from 
an external apparatus, although it inputs/outputs data In 
units of blocks when the flash memory 303 is rewritten. 

?5 More specifically, when a sector in the flash memory 303 
is to be rewritten, the access control unit 325 or 326 
reads out data from a block including the sector from the 
flash memory 303, deletes the block in the flash memory 
303 at once, rewrites the sector in the buffer memory, 

30 then writes the block of data Including the rewritten sec- 
tor to the flash memory 303. 

[0077] The encryption/decryption circuit 327 is a cir- 
cuit which performs encryption and decryption using the 
master key 323a stored in the master key storage unit 
35 323 under the control of the authentication area access 
control unit 325 and the non-authentication area access 
control unft 326. The encryption/decryption circuit 327 
encrypts data before writing the data to the flash mem- 
ory 303, and decrypts the data after reading out the data 
40 from the flash memory 303. These encryption and de- 
cryption are performed to prevent unlawful acts such as 
an act of disassembling the memory card 1 09, analyzing 
the contents of the flash memory 303 directly, and steal- 
ing the password from the authentication area 332. 
45 [0078] It should be noted here the control IC 302 in- 
cludes a synchronization circuit, a volatile storage area, 
and a nonvolatile storage area as well as the main com- 
ponents 321 to 327. The synchronization circuit gener- 
ates an internal clock signal in synchronization with a 
so clock signal supplied from a clock pin, and supplies the 
generated internal clock signal to each component. 
[0079] Also, to protect the information stored in the 
special area (ROM) 304 against tampering by unauthor- 
ized persons, the special area (ROM) 304 may be em- 
w bedded In the control IC. Alternatively, the information 
may be stored In the flash memory 303. In this case, the 
special area access control unit 324 may impose a lim- 
itation on writing data to the information, or the encryp- 
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tion/decryption circuit 327 may encrypt the information 
before the information is stored in the flash memory 303. 
[0080] FIG. 6 shows various storage areas in the 
memory card 109 which can be recognized by the PC 
1 02 and the player 201 . The storage areas in the mem- 5 
ory card 1 09 are classified into three main areas: special 
area 304; authentication area 332; and non -authentica- 
tion area 331 . 

[0081] The special area 304 is a read-only area. A 
dedicated command is used to read data from the spe- 
cial area 304. Reading/writing data from/to the authen- 
tication area 332 is possible only when the authentica- 
tion between the PC 1 02 or the player 201 and the mem- 
ory card 109 has been affirmative. An encrypted com- 
mand is used to access the authentication area 332. The 
non-authentication area 331 can be accessed by com- 
mands on public use such as the commands conforming 
to the ATA (AT Attachment) or SCSI (Small Computer 
System Interface) standard. That is to say, data can be 
read/written from/to the non-authentication area 331 
without an authentication process. Accordingly, a file 
management software program being a standard equip- 
ment on the PC 1 02 can be used to read/write data from/ 
to the non-authentication area 331 , as with a flash ATA 
or a compact flash. 

[0082] The three main areas store the kinds of infor- 
mation shown below which provide the areas with a 
function as an auxiliary storage apparatus for a typical 
PC, and a function to copyright-protect the music data 
distributed by an electronic music distribution system. 
[0083] The non-authentication area 331 stores an en- 
crypted content 426, user data 427, etc. The encrypted 
content 426 is music data being an object of copyright 
protection and having been encrypted. The user data 
427 is general data irrelevant to copyright protection. 
The authentication area 332 stores an encryption key 

425 which is a secret key used for decrypting the en- 
crypted content 426 stored in the non-authentication ar- 
ea 331 . The special area 304 stores the medium ID 341 
which is necessary for accessing the authentication ar- 
ea 332. 

[0084] The PC 102 or the player 201 first reads out 
the medium ID 341 from the special area 304 in the 
memory card 1 09 loaded into itself, then extracts the en- 
cryption key 425 and the rights information from the au- 
thentication area 332 using the medium ID 341. When 
it is confirmed from the rights information that the en- 
crypted content 426 stored in the non-authentication ar- 
ea 331 is permitted to be played, the encrypted content 

426 can be read out and played while being decrypted 
with the encryption key 425. 

[0085] Here, suppose that a user writes only the mu- 
sic data that has been obtained unlawfully to the non- 
authentication area 331 in the memory card 1 09 using 
the PC 1 02 or the like, then attempts to play the music 
data from the memory card 109 loaded into the player 
201 . in this case, although the non-authentication area 
331 in the memory card 109 stores the music data, no 



encryption key 425 or rights information corresponding 
to the music data is stored in the authentication area 
332. Therefore, the player 201 fails to play the music 
data. With such a construction in which when only a mu- 
sic content is copied to the memory card 109 without 
authorized encryption key or rights information, the mu- 
sic content cannot be played, unauthorized copying of 
digital contents is prevented. 

[0086] FIGs. 7A, 7B, and 7C show limitations and 
command formats when the PC 102 or the player 201 
accesses an area in the memory card 109. FIG. 7A 
shows rules to be followed for accessing each area. FIG. 
7B shows rules to be followed for changing the size of 
each area. FIG. 7C is a schematic representation of the 
areas in the memory card 1 09. 

[0087] The special area 304 is a read-only area and 
can be accessed by a dedicated command without an 
authentication process. The medium ID 341 stored in 
the special area 304 is used to generate or decrypt the 
encrypted command which is used to access the au- 
thentication area 332. More specifically, the PC 102 or 
the player 201 reads out the medium ID 341, encrypts 
a command to be used to access the authentication area 
332, and sends the encrypted command to the memory 
card 109. On receiving the encrypted command, the 
memory card 1 09 decrypts the encrypted command us- 
ing the medium ID 341, interprets and executes the 
command. 

[0088] The authentication area 332 can be accessed 
only when an authentication between an apparatus at- 
tempting to access the memory card 1 09 such as the 
PC 1 02 or the player 201 and the memory card 1 09 has 
been affirmative. The size of the authentication area 332 
Is equal to the size of (YYYY+1) sectors. That is to say, 
the authentication area 332 is composed of sector 0 to 
sector YYYY (YYYY* h sector) logically, and is composed 
of sectors having XXXX* h sector address to 
(XXXX+YYYY) lh sector address In the flash memory 
303, physically. Note that sector addresses are serial 
numbers assigned uniquely to ail the sectors constitut- 
ing the flash memory 303. 

[0089] The non-authentication area 331 can be ac- 
cessed by a standard command conforming to the ATA 
or SCSI standard. The size of the non-authentication ar- 
ea 331 is equal to XXXX sectors. That is to say, the non- 
authentication area 331 is logically and physically com- 
posed of sector 0 to (XXXX-1) lh sectors. 
[0090] it should be noted here that an alternate block 
area 501 may be allocated in the flash memory 303 be- 
forehand. The alternate block area 501 is a group of al- 
ternate blocks which are used to replace defective 
blocks (blocks that have a defective storage area from/ 
to which data cannot be reaoTwrttten normally) in the au- 
thentication area 332 or the non-authentication area 
331. 

[0091] In the present embodiment, the special area 
304 can be accessed without authentication. However, 
to prevent unlawful analysis by any persons, the special 
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area 304 may be made accessible only by such appa- 
ratus as having been authenticated affirmatively, or 
commands used for accessing the special area 304 may 
be encrypted. 

[0092] Now, changing the sl2e of the authentication 
area 332 and the non-authentication area 331 will be 
described with reference to FIGs. 73 and 70. 
t0093] The total storage capacity of the authentication 
area 332 and the non-authenttcation area 331 In the 
flash memory 303 is equal to the capacity of 
(XXXX+YYYY+1) sectors which is a fixed value ob- 
tained by subtracting the alternate block area 501 and 
others from all the storage areas in the flash memory 
303. The sizes of the areas 332 and 331 are each var- 
iable and can be changed by changing the boundary ad- 
dress value XXXX. 

[0094] The first step in the procedure for changing the 
size of an area is to execute authentication. This authen- 
tication is executed to prevent any users from easily 
changing the size of the area using one of standard 
equipment programs prevalent among PC users or a 
software program intended for unlawful access. After 
the authentication is complete, the size of the non-au- 
thentlcatlon area 331 (the number of new sectors, 
XXXX) is sent to the memory card 1 09 using a dedicated 
command for changing the area size. 
[0095] The memory card 1 09, on receiving the above 
dedicated command for changing the area size, stores 
the value XXXX In the nonvolatile storage area or the 
like in the memory card 1 09, then controls the succeed- 
ing accesses to the authentication area 332 and the 
non-authentication area 331 using the value XXXX as 
a new boundary address. More specifically, the memory 
card 109 assigns physical sector 0 to XXXX* sector in 
the flash memory 303 to the non-authentication area 
331, and XXXX* to (XXXX+YYYY)* sector to the au- 
thentication area 332. The access control units 325 and 
326 perform the address conversion between a logical 
address and a physical address, and monitors genera- 
tion of an improper access to outside an allocated stor- 
age area, it should be noted here that logical addresses 
are recognized by an external apparatus as addresses 
in a data space of the memory card 1 09, corresponding 
to the values used in the commands, and that the phys- 
ical addresses are addresses in a data space of the flash 
memory 303 contained in the memory card 109. 
[0096] If the authentication area 332 is increased in 
size by reducing the boundary address, an arrangement 
will be required to maintain the logical compatibility be- 
tween before and after the address change. Forthis pur- 
pose, all the data stored in the authentication area 332 
are moved (copied) toward smaller addresses by the 
amount of reduction In the boundary address, for exam- 
ple. With this arrangement, physical addresses corre- 
spond to the new logical addresses starting from the 
new boundary address. With this arrangement, the data 
space of the authentication area 332 Is enlarged while 
logical addresses for the data stored in the authentica- 



tion area 332 are maintained. 

[0097] The dedicated command for changing the area 
size may be encrypted before use to prevent unlawful 
accesses. 

s [0098] FIG. 8 is a flowchart showing a procedure in 
which the PC 1 02 (or the player 201 ) writes a music con- 
tent or the like to the memory card 109. In the following 
description, ft is supposed that the PC 1 02 writes music 
data to the memory card 109 (S601). 

to 

(1) The PC 102 executes a challenge-response- 
type authentication with the authentication unit 321 
of the memory card 109 using the device key 111a 
and the like, and extracts the master key 323a from 

is the memory card 1 09 when the authentication has 
been affirmative (S602). 

(2) The PC 102 then extracts the medium ID 341 
from the special area 304 in the memory card 109 
using a dedicated command (S603). 

& (3) The PC 1 02 then generates a random number, 
and generates a password, which is used for en- 
crypting the music data, from the extracted master 
key 323a and the medium ID 341 (S604). In the 
above step, the random number is generated by, for 

25 example, encrypting the challenge data (random 
number) sent to the memory card 109 during the 
authentication process. 

(4) The generated password Is encrypted using the 
master key 323a and the medium JD 341, then is 

30 written to the authentication area 332 as the encryp- 
tion key 425 (S605). By this time, before the data 
(encryption key 425) is transmitted, the command 
to write data to the authentication area 332 has 
been encrypted and sent to the memory card 1 09. 

3s (5) The music data is encrypted using the password 
and stored in the non-authentication area 331 as 
the encrypted content 426 (S606). 

[0099] FIG. 9 is a flowchart showing a procedure in 
40 which a music content or the like is read out from the 
memory card 109 and played by the player 201 (or the 
PC 102). In the following description, it is supposed that 
music data stored in the memory card 109 Is played by 
the player 201 (S701). 

45 

(1 ) The player 201 executes a challenge-response- 
type authentication with the authentication unit 321 
of the memory card 109 using a device key 211a 
and the like, and extracts the master key 323a from 

so the memory card 1 09 when the authentication has 
been affirmative (S702). 

(2) The player201 then extracts the medium ID 341 
from the special area 304 in the memory card 109 
using a dedicated command (S703). 

55 (3) The player 201 then extracts the encryption key 
425 of the music data from the authentication area 
332 in the memory card 109 (S704). By this time, 
before the data (encryption key 425) is read out, the 
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command to read out data from the authentication 
area 332 has been encrypted and sent to the mem- 
ory card 109. 

(4) The obtained encryption key 425 is decrypted 
using the master key 323a and the medium ID 341 s 
to extract a password (S705). This decryption step 
is a reversed step of the encryption step S605 
shown in FIG. 8. 

(5) The encrypted content 426 is read out from the 
non-authentication area 331 and decrypted using 
the password extracted in the step S705, while the 
decrypted content is played as music (S706). 

[0100] As described above, the music data stored In 
the non-authentication area 331 In the memory card 1 09 
cannot be decrypted without the encryption key 425 
stored in the authentication area 332. Accordingly, even 
if only music data is unlawfully copied to another mem- 
ory card, the copied music data cannot be normally 
played. With this construction, the copyright of the music 
data is safely protected. 

[0101] As also described above, only apparatuses 
that have been authenticated affirmatively are permitted 
to access the authentication area in the memory card. 
This construction provides a copyright protection in 
which only the apparatuses that satisfy certain condi- 
tions are permitted to access the authentication area in 
the memory card. This is achieved by selectively using 
the device key, the encryption algorithm or the like that 
are used for authentication. 

[01 02] In the above example, when an encrypted con- 
tent is written to the memory card 1 09, first the password 
used in the encryption is encrypted using the master key 
and the medium ID, then the encrypted password is 
stored in the authentication area 332 as the encryption 
key (S805). However, either the master key or the me- 
dium ID may be used to encrypt the password. This con- 
struction simplifies the encryption and provides a merit 
that the circuit size of the memory card 1 09 or the player 
102 is reduced, although there is a possibility that the 
intensity of the encryption is weakened. 
[0103] In the above example, the player 201 and the 
PC 1 02 can extract the master key 323a from the mem- 
ory card 109 only when the authentication has been af- 
firmative. However, the master key 323a may be em- 
bedded in the player 201 or the PC 1 02 beforehand. Al- 
ternatively, the master key 323a may be encrypted and 
stored in the special area 304 as an encrypted master 
key. 

[0104] Now, two examples of the use of the authenti- 
cation area of the memory card will be described. In the 
two examples, the number of read-outs" and "the 
number of permitted digital outputs" are stored in the au- 
thentication area, respectively. 

[0105] FtG. 1 0 Is a flowchart showing the operation in 
which the player 201 (or the PC 102) handles the 
number of read-outs stored in the authentication area in 
thememory card 109. In the present example, the player 



201 can play the music data stored in the non-authen- 
tication area 331 in the memory card 1 09 as an audio 
signal as many times as indicated by the number of 
read-outs 812 stored in the memory card 109 (S801). 

(1 ) The player 201 executes a challenge-response- 
type authentication with the authentication unit 321 
of the memory card 109 using a device key 211a 
and the like, and extracts the master key 323a from 
the memory card 109 when the authentication has 
been affirmative (S802). 

(2) The player 201 then extracts the medium ID 341 
from the special area 304 in the memory card 109 
using a dedicated command (S803). 

(3) The player 201 then extracts the encryption key 
425 of the music data from the authentication area 
332 in the memory card 109 (S804). By this time, 
before the data (encryption key 425) is read out, the 
command to read out data from the authentication 
area 332 has been encrypted and sent to the mem- 
ory card 109. 

(4) The player 201 then extracts the n umber of read- 
outs 812 from the authentication area 332 in the 
memory card 109, and checks the number of read- 
outs 81 2 (S804). When the number indicates allow- 
ance of limitless reading out, the player 201 plays 
the music In accordance with the procedure (S704 
to S706) shown in FIG. 9 (S806 to S808). 

(5) When the number of read-outs 812 is 0, it is 
judged that no reading out is allowed (S805), and 
the play process ends (S809). When the number of 
read-outs 812 is a value other than 0 and does not 
indicate allowance of limitless reading out, the play- 
er 201 reduces the number by one. writes the re- 
sultant number to the authentication area 332 
(S805), then plays the music in accordance with the 
procedure (S704 to S706) shown in FIG. 9 (S806 
to S808). 

[01 08] As described above, it is possible for the player 
201 to control the number of times the player 201 plays 
the music by prestoring the number of read-outs 812 
which shows the number of times the music can be 
played. This enables the present technique to be ap- 
plied to analog reproduction of music obtained through, 
for example, rental CDs or kiosk terminals (online vend- 
ing machines for music distribution connected to a com- 
munication network). 

[0107] It should be noted here that "read-out time" 
may be stored instead of the number of read-outs 812 
to impose a limitation on the total time the music content 
can be played. Alternatively, combined information of 
the number of times and a time may be stored Instead. 
As another example, the number of read-outs 812 may 
be reduced when the content is kept to be played after 
a certain period (e.g., 10 seconds). As another example, 
the number of read-outs 812 may be encrypted then 
stored so that the information is protected from tamper- 
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ing. 

[0108] FIG. 1 1 is a flowchart showing the operation in 
which the player 201 (or the PC 102) handles the 
number of permitted digital outputs 9 1 3 stored in the au- 
thentication area in the memory card 1 09. In the present 
example, the player 201 can read out the music data 
from the non-authentication area 331 In the memory 
card 1 09 and output the read digital music data as many 
times as indicated by the number of permitted digital out- 
puts 91 3 stored in the memory card 1 09 (S901 ). 

(1) The player 201, as in the steps S701 to S705 
shown in FIG. 9, executes an authentication with 
the memory card 1 09 to extract the master key 323a 
(S902), extracts the medium ID 341 (S903), ex- 
tracts the encryption key 425 (S904), and extracts 
a password (S905). 

(2) The player 201 then extracts the number of per- 
mitted digital outputs 913 from the authentication 
area 332 in the memory card 109, and checks the 
number of permitted digital outputs 913 (S906). 
When the number indicates allowance of limitless 
digital output, the player 201 reads out the encrypt- 
ed content 426 from the non-authentication area 
331 , and decrypts the encrypted content 426 to dig- 
ital data using the password extracted in the step 
S905 and outputs the decrypted digital data from 
the digital output terminal 205 as digital music data 
(S909). 

(3) When the number of permitted digital outputs 
913 is 0, it is judged that no digital output is allowed 
(S908), and the data is played only by analog output 

(5908) . More specifically, the encrypted content 
426 is read out from the non-authentication area 
331, and music is played while the content is de- 
crypted using the password (S908). 

(4) When the number of permitted digital outputs 
913 is a value other than 0 and does not indicate 
allowance of limitless digital output, the player 201 
reduces the number by one, writes the resultant 
number to the authentication area 332 (S907), then 
reads out the encrypted content 426 from the non- 
authentication area 331, decrypts the encrypted 
content 426 to digital data using the password ex- 
tracted in the step S905 and outputs the decrypted 
digital data from the digital output terminal 205 

(5909) . 

[0109] As described above, the number of digital out- 
puts from the player 201 can be controlled by storing the 
number of permitted digital outputs 913 in the authenti- 
cation area 332 in the memory card 109. This enables 
the present technique to be applied to digital reproduc- 
tion of music obtained through, for example, rental CDs 
or kiosk terminals, which is to say, digital dubbing of mu- 
sic data stored in a memory card can be permitted a 
certain times in the authority of the copyright owner. 
[0110] It should be noted here that as with "the 



number of read-outs", "permitted digital output time" 
may be stored instead of the number of permitted digital 
outputs 91 3 to impose a limitation on the total time digital 
data of the music content can be output. Alternatively, 

s combined Information of the number of permitted digital 
outputs and a time may be stored instead. As another 
example, the number of permitted digital outputs 913 
may be reduced when the content is kept to be output 
after a certain period (e.g., 10 seconds). As another ex- 

io ample, the number of permitted digital outputs 913 may 
be encrypted then stored so that the information is pro- 
tected from tampering. 

[0111] A function may be added so that the number 
of permitted digital outputs can be increased by a 
w number which is specified by the copyright owner In cor- 
respondence to a charge the copyright owner receives. 
[0112] Now, the physical data structure (structure of 
the sector and the ECC block) of the memory card 109 
will be described. 
20 [0113] The memory card 109 adopts such a data 
structure as is suitable for preventing unlawful acts re- 
lated to the back up or restoration of the data stored in 
the flash memory 303 and for preventing unlawful acts 
related to the data tampering. Such a data structure is 
25 adopted due to the necessity for dealing with the unlaw- 
ful operations that may be performed on the above 
methods in which the number of read-outs" or "the 
number of permitted digital outputs" is stored In the au- 
thentication area 332 and the value is reduced each time 
30 the process is performed. 

[01 1 4] More specifically, th e music may be repeatedly 
played after the whole data recorded in the flash mem- 
ory 303 is backed up to an external auxiliary storage ap- 
paratus of the like. By doing this, when the number of 
33 permitted play operations becomes 0, the music can be 
repeatedly played again by restoring the back up data. 
Also, the music may unlawfully be played repeatedly by 
tampering the number of read-outs. As a result, it is nec- 
essary to make some arrangement to prevent such un- 
40 lawful acts. 

[0115] FIG. 12 shows a data structure which is com- 
mon to the authentication and non-authentication areas 
332 and 331 of the memory card 109, and also shows 
a flowchart of the reading/writing process corresponding 
45 to the data structure. 

[01 16] In the present example, the counter value gen- 
erated by the random number generator 1 03 of the au- 
thentication unit 321 in the control IC 302 is used as a 
time-variant key. 
50 [0117] A 1 6-byte extension area 1 005 is assigned to 
each of 512-byte sectors 1 004 in the flash memory 303. 
Each sector stores data which has been encrypted us- 
ing the counter value. The extension area 1 005 Is com- 
posed of ECC data 1006 and a time-variant area 1007. 
55 The ECC (Error-Correcting Code) data 1006 is 8-byte 
data being an ECC for the encrypted data stored in the 
current sector. The time-variant area 1 007 is 8-byte and 
stores a counter value used for generating the encrypt- 
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ed data stored in the current sector. 
[0118] It should be noted here that only the sectors 
1 004 can be accessed logically (I.e. , using a public com- 
mand or the like), and that only the extension area 1 005 
can be accessed physically (i.e., controlled by an appa- 
ratus that reads/writes data from/to the memory card). 
[0119] With the above construction, unlawful data 
tampering can be prevented by comparing the sector 
data with the contents of the time-variant area 1007, 
where even if the sector data is tampered using a com- 
mand or the like, the contents of the time-variant area 
1 007 do not change. 

[0120] More specifically, the PC 1 02 or the player 201 
writes/reads data to/from the authentication area 332 or 
the non-authentication area 331 in the flash memory 
1 09 following the procedure shown below in units of sec- 
tors 1004. First, the procedure In which the PC 102 
writes data to the memory card 109 (S1001) will be de- 
scribed. 

(1) The PC 102 requests the memory card 109 to 
issue a counter value. In response to this request, 
the control IC 302 in the memory card 109 gener- 
ates a random number using a random number gen- 
erator 1 003 contained In the control IC 302 (S 1 005), 
and sends the generated random number to the PC 
1 02 as the counter value (S1 002). 

(2) A password is generated from the received 
counter value and the master key 323a and the me- 
dia ID 341 which have already been obtained 

(51003) . 

(3) One sector of data to be written is encrypted us- 
ing a password and sent to the memory card 1 09 

(51 004) . Together with the encrypted data, (i) infor- 
mation specifying the location of a sector to which 
the encrypted data is to be written, and (ii) the coun- 
ter value used for the encryption are sent to the 
memory card 1 09. 

(4) The memory card 1 09 writes the encrypted data 
to the specified sector 1004 (S1006). 

(5) An ECC is obtained by calculation from the en- 
crypted data, and the obtained ECC is written to the 
extension area 1005 as the ECC data 1006 

(51007) . 

(6) The counter value received together with the en- 
crypted data is written to the time-variant area 1 007 

(51008) . 

[0121] Next, the procedure in which the PC 1 02 reads 
out data from the memory card 109 (S1011) will be de- 
scribed. 

(1) The PC 102 requests the memory card 109 to 
read out data by specifying the location of a sector 
from which the data is to be read out. On receiving 
the request, the memory card 1 09 first reads out en- 
crypted data from the specified sector 1 004 and out- 
puts the read-out data to the PC 102 (S1016). The 



PC 102 receives the encrypted data (S1012). 

(2) The memory card 109 then reads out a counter 
value from the time-variant area 1007 in the exten- 
sion area 1005 corresponding to the specified sec- 

5 tor 1 004, and sends the read-out counter value to 
the PC 1 02 (S1 01 7). The PC 1 02 receives the coun- 
ter value (S1013). 

(3) A password is generated from the read-out 
counter value and the master key 323a and the me- 

w dia ID 341 which have already been obtained 
(SI 01 4). 

(4) The encrypted data is decrypted using the pass- 
word (S1 005). 

is [0122] Here, if the data in the sector 1004 has been 
changed by tampering or the like, the decryption fails 
due to mismatch between the counter value read out 
from the time-variant area 1007. 
[0123] As described above, the flash memory 303 

20 contains the time-variant area 1007, a hidden area 
which cannot be seen (accessed) by users. Data is en- 
crypted and stored using a password which is generated 
using a counter value stored in the time-variant area 
1 007. With this construction, the data is protected from 

2S unlawful tampering by users. 

[0124] In the above example, the time-variant area 
1007 is provided in the extension area 1005 for storing 
the ECC. However, it is possible to provide the time-var- 
iant area 1007 within another area in the flash memory 

30 303 in condition that data stored in the area cannot be 
changed from outside the memory card. 
[0125] In the above example, a random number is 
used as the counter value. However, the counter value 
may be a timer value indicating a time that changes eve- 

35 ry instant, or may be the number of times data has been 
written to the flash memory 303. 
[0126] Now, a desirable example of a relationship be- 
tween the logical addresses and physical addresses in 
the flash memory 303 will be described. 

40 [0127] FIGs. 13A to 13D show a change in the rela- 
tionship between the logical addresses and physical ad- 
dresses. FIG. 13A shows the relationship before the 
change. FIG. 13B shows the relationship after the 
change. FIG. 13C shows a conversion table 1101 cor- 

45 responding to FIG. A. FIG. 13D shows the conversion 
table 1101 corresponding to FIG. B. 
[0128] The conversion table 1 1 01 is a table in which 
all the logical addresses (in FIGs. 13A to 13D, serial 
numbers of the logical blocks) are stored with corre- 

50 spending physical addresses (in FIGs. 13A to 1 3D, se- 
rial numbers of the physical blocks constituting the flash 
memory 303). The conversion table 11 01 is stored in a 
nonvolatile area in the control IC 302 or the like and is 
referred to by the authentication area access control unit 

55 325 or the non-authentication area access control unit 
326 when, for example, a logical address is converted 
into a physical address. 

[01 29] Devices accessing the memory card 1 09 can- 
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not write data to all the data storage spaces that physi- 
cally exist in the memory card 109 (I.e., all the physical 
blocks constituting the flash memory 303), but can write 
data only to logical data spaces (logical blocks) that are 
specified by the logical addresses. 5 
[0130] The above arrangement is made, for one rea- 
son, to secure an alternative area which would replace 
an area from/to which data cannot be read/written due 
to a partial defect of the flash memory 303. Even if such 
a defect block has been replaced by an alternative 10 
block, changing the conversion table so as to reflect the 
change in the correspondence between the logical and 
physical block numbers enables the flash memory 303 
to pretend against external devices that no defects have 
been caused. This is because In each file, the logical 15 
continuity, which corresponds to a plurality of continu- 
ous physical blocks, Is maintained. 
[0131] However, the fragmentation of logical blocks 
increases when, for example, a file composed of a plu- 
rality of blocks is repeatedly stored or deleted in/from 20 
the memory card 109. A specific example of this is 
shown in FIG. 13A in which the logical addresses (0 and 
2) of the logical blocks constituting "file 1 " are discontin- 
uous. 

[0132] When such discontinuity of logical blocks oc- 2s 
curs, for example, music data cannot be written to con- 
tinuous logical areas in the memory card 1 09. This ne- 
cessitates issuance of the write command "Write ad- 
dress count" for each block, resulting in reduction In the 
writing speed. Similarly, this necessitates issuance of 30 
the read command "Read address count' for each block 
even when music data of one tune is to be read out, 
making the real-time reproduction of the music data dif- 
ficult. 

[01 33] To solve the above problem, the control IC 302 35 
of the memory card 1 09 has a function to rewrite the 
conversion table 1101 based on a command issued from 
an external device. More specifically, when a dedicated 
command for rewriting the conversion table 1 1 01 is input 
from a command pin, the control IC 302 of the memory 40 
card 109 interprets the dedicated command and re- 
writes the conversion table 1101 using a parameter that 
is sent after the dedicated command. 
[0134] The above operation will be detailed using an 
example shown in FIGs. 13A to 13D. Suppose that be- 
fore the above dedicated command is received, the 
flash memory 303 contains data constituting the file 
"filel" at locations indicated by physical addresses 0 
and 2, and data constituting the file "file2" at a location 
indicated by physical address 1 , as shown in FIG. ISA, so 
and that the conversion table 1 1 01 shows that the logical 
addresses match the physical addresses. That is to say, 
in the logical addresses, as well as in the physical ad- 
dresses, the data of H file2" is sandwiched by the data of 
"filel". 55 
[0135] With an intention of solving the above state, an 
external device sends the above dedicated command 
and a parameter to the flash memory 303, the dedicated 



command instructing to secure the continuity of "filel". 
The command judgement control unit 322 of the mem- 
ory card 1 09, in accordance with the received dedicated 
command and parameter, rewrites the conversion table 
1101 as shown in FIG. 13D. FIG. 13B shows the rela- 
tionship between the logical and physical addresses in 
the flash memory 303 after the above sequence of op- 
erations. 

[0136] As understood from FIG. 13B, though the ar- 
rangement of the physical blocks has not been changed, 
the logical blocks constituting "filel" have been relocat- 
ed to be successive. With this arrangement, the external 
device can access "filel " at a higher speed than before 
in the next access and after. 

[0137] The conversion table 11 01 can be rewritten as 
above not only to solve the fragmentation of logical 
blocks, but also to change the size of each of the au- 
thentication area 332 and non-authentication area 331 
in the flash memory 303. In the latter case, a high-speed 
area relocation is possible since the conversion table 
1101 is rewritten so that a physical block to become 
small is located as a physical block to become large. 
[0138] Now, a function of the memory card 109 related 
to not-deleted blocks will be described. More specifical- 
ly, operations of the memory card 1 09 when receiving a 
not-deleted block list command and an delete command 
will be described. Here, the not-deleted blocks are phys- 
ical blocks in the flash memory 303 which contain data 
that has not physically been deleted. That is to say, data 
in the not-deleted blocks needs to be deleted at once 
before the blocks are used next (before another data is 
written to the not-deleted blocks). 
[0139] The not-deleted block list command is one of 
the commands the command judgement control unit 
322 can interpret and execute, and is used to obtain a 
list of all the not-deleted blocks in the flash memory 303. 
[0140] The existent data stored in the flash memory 
303 of the memory card 1 09 must be deleted in units of 
blocks before data is newly written to the flash memory 
303. The time for the deletion is approximately a half of 
the total time of writing. As a result, the total time of writ- 
ing is reduced if the deletion has been completed be- 
forehand. Accordingly, to achieve this, the memory card 
109 provides the external device the not-deleted block 
list command and the delete command. 
[0141] Suppose that the current use state of the logi- 
cal blocks and physical blocks of the flash memory 303 
is shown in FIG. 14A. As shown in FIG. 14A, logical 
blocks 0 to 2 are currently used, and physical blocks 0 
to 2, 4, and 5 are not-deleted blocks. 
[0142] A not-deleted block list 1203 Is stored in the 
command judgement control unit 322 in the above state. 
The contents of the not-deleted block list 1203 corre- 
sponding to the use state of the blocks shown in FIG. 
14A are shown in FIG. 148. Here, the not-deleted block 
list 1203 is a storage table composed of entries corre- 
sponding to all the physical blocks constituting the flash 
memory 303 and having values which indicate the data 
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deletion states (blocks whose data has been deleted are 
incidated by "Q", and blocks whose data has not been 
deleted are Incidated by "1 ") of the corresponding phys- 
ical blocks under the control of the command judgement 
control unit 322. s 
[01 43] FIG. 1 4C is a flowchart showing the procedure 
of the PC 1 02 or the player 201 for deleting blocks be- 
forehand using the not-deleted block list command and 
the delete command in the above-stated states, it is pre- 
sumed here that the flash memory 303 contains a table « 
such as FAT (File Allocation Table) which shows the use 
state of the logical blocks, as shown in FIG. 1 4D. 
[0144] An external device such as the PC 1 02 or the 
player 201 issues the not-deleted block list command to 
the memory card 1 09 during an idle time in which the u 
memory card 109 is not accessed (SI 201). On receiving 
the command, the command judgement control unit 322 
of the memory card 109 refers to the not-deleted block 
list 1203 contained in the command judgement control 
unit 322, detects that physical blocks 0 to 2, 4, and 5 are 20 
assigned a state value w 1 M , and sends the physical block 
numbers to the external device. 
[0145] The extern at device then refers to the table that 
shows the use state of logical blocks in the flash memory 
303 shown in FIG, 1 4D to identify the blocks that are not sa 
used logically (S1202). 

[01 46] The external device identifies, based on the In- 
formation obtained in the steps S1201 and S1202, 
"deletable" blocks that are not used logically and have 
not been deleted physically (physical blocks 4 and 5 in 30 
the present example) (S1 203). The external device then 
issues the delete command specifying the physical 
block numbers 4 and 5 to the memory card 1 09 (S 1 204). 
On receiving the command, the command Judgement 
control unit 322 of the memory card 1 09 deletes the 3s 
physical blocks 4 and 5 by sending instructions to the 
authentication area access control unit 32S and the non- 
authentication area access control unit 326. 
[0147] After the above operation is complete, data is 
written to the physical blocks 4 and 5 at a high speed 40 
since the deletion process is not required for the writing. 
[01 48] Now, a function of the memory card 1 09 related 
to personal data protection will be described. More spe- 
cifically, the personal data protection function is used 
when the memory card 109 checks an external device 
for authentication and requires personal data of the user 
of the external device. Here, each piece of the personal 
data is unique to a user and is used to identify the user. 
The user with proper personal data is recognized by the 
memory card 1 09 as an authorized user permitted to ac- so 
cess the authentication area 332 in the memory card 
109. 

[0149] Here, if the user is requested to input the per- 
sonal data each time the user accesses the authentica- 
tion area 332, or if the input personal data is stored in ss 
the authentication area 332 for each of such accesses, 
a problem might occur that the personal data is tapped 
by someone or read unlawfully by another user who has 



an authority to access the authentication area 332. 
[0150] One possible solution to this problem wouldbe 
encrypting the personal data using a password provided 
by the user personally and storing the encrypted per- 
sonal data, in the same way as music data. 
[01 51] However, in the above case, the user needs to 
input the password each time the personal data is 
checked. The procedure is troublesome and the man- 
agement of the password is also required. Accordingly, 
the memory card 1 09 provides a function to sidestep the 
problem of unnecessarily and repeatedly inputting the 
personal data. 

[0152] FIG. 1 5 shows a communication sequence in 
an authentication between the player 201 and the mem- 
ory card 1 09 and also shows main components used in 
the authentication. Note that the processes shown in 
FIG. 1 5 are mainly achieved by the authentication circuit 
216 of the player 201 and the authentication unit 321 of 
the memory card 1 09. 

[0153] As shown in FIG. 15, the authentication circuit 
21 6 of the player 201 has the encryption and decryption 
functions, and also prestores a master key 1301 which 
is a secret key being equal to the master key 323a held 
by the memory card 1 09, and a device ID 1 302 which is 
an ID unique to the player 201 , such as a product serial 
number (s/n). 

[0154] The authentication unit 321 of the memory 
card 109 has the encryption, decryption, and compari- 
son functions, and also has two nonvolatile storage ar- 
eas: a device ID group storage area 1310 and a user 
key storage area 1311. The device ID group storage ar- 
ea 1310 stores device IDS of ail the devices permitted 
to access the authentication area 332 in the memory 
card 109. The user key storage area 1 311 stores a user 
key sent from a device as personal data. 
[01 55] The authentication procedure will be described 
in detail below. Note that in the transmissions and re- 
ceptions, all the data is encrypted before transmission, 
and the encrypted data is decrypted in the reception 
side. A key to be used in the encryption and decryption 
is generated during the following procedure. 

(1) After the memory card 109 is connected to the 
player 201 , first, the player 201 encrypts the device 
ID 1302 using the master key 1301 . and sends the 
encrypted device ID 1302 to the memory card 109. 

(2) The memory card 1 09 decrypts the received en- 
crypted device ID 1302 using the master key 323a, 
and checks whether the obtained device ID 1302 
has already been stored in the device ID group stor- 
age area 1310. 

(3) When it is judged that the device ID 1302 has 
already been stored, the memory card 109 notifies 
the player 201 that the authentication has been af- 
firmative. When it is Judged that the device ID 1302 
is not stored, the memory card 1 09 requests the 
player 201 to send a user key. 

(4) The player 201 urges the user to input the user 
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key, obtains the user key as personat data of the 
user, and sends the obtained user key to the mem- 
ory card 1 09. 

(5) The memory card 1 09 compares the received 
user key with the user key having been prestored 
in the user key storage area 1311. When having 
judged that the two user keys match, or when the 
user key storage area 1311 is vacant, the memory 
card 109 notifies the player 201 that the authenti- 
cation has been affirmative, and stores the device 
ID 1 302 obtained in the above step (3) tin the device 
ID group storage area 1310. 

[01 56] With the above arrangement, when a device of 
the user is connected to the memory card 109 for the 
first time, the user is required to input personal data (a 
user key). However, in the second connection and after, 
the user is no more requested to input the personal data 
since automatical!, the authentication completes affirm- 
atively using the device ID. 

[0157] Now, a variation of the authentication protocol 
between the memory card 1 09 and an external device 
such as the PC 1 02 or the player 201 will be described 
with reference to FIGs. 16 and 17. 
[0158] FIG. 16 shows a communication sequence in 
a variation of the authentication between the memory 
card 109 and an external device (in the present exam- 
ple, the player 201). 

[01 59] Note that the processes shown in FIG. 1 6 are 
mainly achieved by the authentication circuit 21 6 of the 
player 201 , a control program 1 1 1 b of the PC 1 02, and 
the authentication unit 321 of the memory card 1 09. It 
is presumed here that the master key storage unit 323 
of the memory card 1 09 stores an encrypted master key 
(encrypted master key 323), and that the special area 
304 stores a secure medium ID 343 as well as the me- 
dium ID 341 , the secure medium ID 343 being generat- 
ed by encrypting the medium ID 341 . 
[0160] First, the player 201 issues a command to the 
memory card 109 to obtain the master key 323b from 
the memory card 109, and decrypts the obtained master 
key 323b using the device key 211 a. The decryption al- 
gorithm used In this decryption corresponds to the en- 
cryption algorithm used in the encryption of the master 
key 323b which has now been read out from the memory 
card 1 09. Therefore, when the device key 2 1 1 a the play- 
er 201 has is an authorized one, the decryption is ex- 
pected to restore the original master key. 
[01 61 ] The player 201 then issues a command to the 
memory card 109 to obtain the medium ID 341 from the 
memory card 109, and encrypts the obtained medium 
ID 341 using the restored master key. The encryption 
aigorithm used in this encryption is the same as the en- 
cryption algorithm used in the encryption of the secure 
medium ID 343 which is stored in the memory card 1 09. 
Therefore, the encryption provides a secure medium ID 
which is the same as the secure medium ID 343 con- 
tained in the memory card 109. 



[0162] The player 201 and the memory card 1 09 per- 
forms a mutual authentication using the secure medium 
IDs they respectively have. Through this mutual authen- 
tication, each of the devices generates (OK/NG) infor- 

5 mation and a secure key, the (OK/NG) information indi- 
cating whether the remote device has been authenticat- 
ed, and the secure key being a time-variant key that de- 
pends on the authentication result. The secure keys 
owned by both devices match onry when both devices 

to 201 and 109 affirmatively authenticate the other devic- 
es, and the secure keys change each time a mutual au- 
thentication is performed. 

[0163] After a mutual authentication has completed 
affirmatively, the player 201 generates a command 

'5 which is used to access the authentication area 332 in 
the memory card 109. More specifically, for example, 
when data Is read out from the authentication area 332, 
a parameter (a 24-bit address "address - and an 8-bit 
count "count" ) of the command "SecureRead address 

20 count" is encrypted using the secure key, and an en- 
crypted command, which is generated by combining the 
encrypted parameter and a tag (a 6-bit code indicating 
a command type "SecureRead") of the command, is 
sent to the memory card 1 09. 

23 [0164] On receiving the encrypted command, the 
memory card 109 Judges the type of the command. In 
the present example, the command is judged to be "Se- 
cureRead" to read data from the authentication area 
332. 

30 [0165] When the command Is judged to be a com- 
mand to access the authentication area 332, the param- 
eter contained in the command is decrypted using the 
secure key obtained through the mutual authentication. 
The decryption algorithm used in this decryption corre- 

35 sponds to the encryption algorithm used in the encryp- 
tion of the command by the player 201 . Therefore, when 
the mutual authentication completes affirmatively, that 
is to say, when the secure keys used by both devices 
match, the parameter obtained by the decryption shouid 

40 be equal to the original parameter used by the player 
201. 

[0166] The memory card 109 then reads out the en- 
cryption key 425 from a sector in the authentication area 
332 indicated by the decrypted parameter, encrypts the 

45 read-out encryption key 425 using the secure key, and 
sends the encrypted encryption key to the player 201 . 
[0167] The player 201 decrypts the received data us- 
ing the secure key obtained through the mutual authen- 
tication. The decryption algorithm used in this decryp- 

50 tion corresponds to the encryption algorithm used In the 
encryption of the encryption key 425 by the memory 
card 109. Therefore, when the mutual authentication 
completes affirmatively, that is to say, when the secure 
keys used by both devices match, the data obtained by 

53 the decryption should be equai to the original encryption 
key. 425. 

[0168] The memory card 1 09, each time a command 
to access the authentication area 332 is executed, dis- 
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cards (deletes) a secure key used in the command ex- 
ecution. With this arrangement, an external device at- 
tempting to access the authentication area 332 in the 
memory card 109 needs to perform a mutual authenti- 
cation each time the external device issues a command 
and to be affirmative in the authentication beforehand. 
[0169] FIG. 17 shows a communication sequence in 
a detailed procedure of the mutual authentication shown 
in FIG. 16. In the present example, the memory card 
109 and the player 201 perform a challenge-response- 
type mutual authentication. 

[0170] The memory card 109 generates a random 
number and sends the random number to the player 201 
as challenge data to check the properness of the player 
201 . The player 201 encrypts the challenge data and 
returns the encrypted challenge data to the memory 
card 1 09 as response data to certify the properness of 
the player 201 . The memory card 1 09 encrypts the ran- 
dom number sent as challenge data, and compares the 
received response data with the encrypted challenge 
data. When the received response data and the encrypt- 
ed challenge data match, the memory card 109 judges 
that the authentication of the player 201 has been af- 
firmative (OK), and receives a command to access the 
authentication area 332 from the player 201 . When the 
received response data and the encrypted challenge 
data do not match, the memory card 1 09 judges that the 
authentication of the player 201 has not been affirmative 
(NG), and if the player 201 sends a command to access 
the authentication area 332 after the judgement, the 
memory card 109 rejects the command. 
[01 71] The player 201 performs a similar authentica- 
tion procedure to check the properness of the memory 
card 1 09. That is to say, the player 201 generates a ran- 
dom number and sends the random number to the mem- 
ory card 1 09 as challenge data to check the properness 
of the memory card 1 09. The memory card 1 09 encrypts 
the challenge data and returns the encrypted challenge 
data to the player 201 as response data to certify the 
properness of the memory card 1 09. The player 201 en- 
crypts the random number sent as challenge data, and 
compares the received response data with the encrypt- 
ed challenge data. When the received response data 
and the encrypted challenge data match, the player201 
judges that the authentication of the memory card 1 09 
has been affirmative (OK), and accesses the authenti- 
cation area 332 in the memory card 109. When the re- 
ceived response data and the encrypted challenge data 
do not match, the player 201 judges that the authenti- 
cation of the memory card 1 09 has not been affirmative 
(NG), and gives up accessing the authentication area 
332. 

[0172] All the encryption algorithms used in the mu- 
tual authentication should be the same as far as the 
memory card 109 and the player 201 are authorized 
ones. The memory card 109 and the player 201 obtain 
a secure key by performing an exclusive-or operation 
using the encrypted challenge data and the response 



data obtained through the authentication and certifica- 
tion of the properness. The obtained secure key, or the 
result of the above exclusive-or operation, is used for 
accessing the authentication area 332 in the memory 
5 card 109. With this arrangement, it is possible for both 
devices 1 09 and 201 to share a time-variant secure key 
that is common to them only when they have been af- 
firmative in the authentication. This renders the affirm- 
ative authentication a necessary condition for accessing 
the authentication area 332. 

[0173] The secure key may be a result of an exclu- 
sive-or operation using the encrypted challenge data, 
the response data, and the secure medium ID. 
[0174] Now, a variation of a function to change the 
boundary between the authentication area 332 and non- 
authentication area 331 in the memory card 109 will be 
described with reference to FIGS. 18 and 19. 
[0175] FIGs. 18A to 18C show the use state of the 
flash memory 303 before the boundary Is changed. FIG. 
18A is a memory map showing the construction of the 
physical blocks In the flash memory 303. 
[01 76] FIG. 1 8B shows a conversion table 1 1 03 which 
is dedicated to the non-authentication area 331 and is 
stored in a nonvolatile storage area In the non-authen- 
tication area access control unit 326. The conversion ta- 
ble 1 1 03 shows relationships between the logical blocks 
and physical blocks in the non-authentication area 331 . 
The non-authentication area access control unit 326 re- 
fers to the conversion table 1 1 03 to convert a logical ad- 
dress into a physical address or to detect an improper 
access accessing outside an allocated storage area. 
[01 77] FIG. 1 8C shows a conversion table 1 1 02 which 
is dedicated to the authentication area 332 and is stored 
In a nonvolatile storage area in the authentication area 
access control unit 325. The conversion table 1102 
shows relationships between the logical blocks and 
physical blocks in the authentication area 332. The au- 
thentication area access control unit 325 refers to the 
conversion table 1102 to convert a logical address into 
a physical address or to detect an improper access ac- 
cessing outside an allocated storage area. 
[0178] As shown in FIG. 18A, before the boundary is 
changed, out of the flash memory 303 composed of 
physical blocks 0000 to FFFF, physical blocks F000 to 
FFFF are allocated to the alternate block area 501 , 
physical blocks 0000 to DFFF whose addresses are 
lower than the boundary are allocated to the non-au- 
thentication area 331, and physical blocks E000 to 
EFFF whose addresses are higher than the boundary 
are allocated to the authentication area 332. 
[01 79] As understood from the conversion table 1 1 03 
shown In FIG. 1 8B, the logical block numbers match the 
physical block numbers in the non-authentication area 
331 . On the other hand, as understood from the conver- 
sion table 1102 shown in FIG. 18C, there Is an inverse 
relationship between the logical block numbers and the 
physical block numbers in the authentication area 332. 
That is to say, logical blocks 0000 to OFFF correspond 
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to physical blocks EFFF to EOOO, respectively. This ar- 
rangement has been made by considering that the log- 
ical blocks are used in ascending order, and that when 
the boundary is moved, data in the physical blocks to 
be moved needs to be saved or moved. s 
[0180] FIGs. 19A to 19C show the use state of the 
flash memory 303 after the boundary is changed. FIGs. 
1 9A to 1 9C correspond to FIGs. 1 8A to 1 8C, respective- 
ly. Note that the boundary change is achieved by the 
following procedure: io 

(1) A dedicated command specifying an address of 
the boundary Is input to the command judgement 
control unit 322 via a command pin; and 

(2) The command Judgement control unit 322 re- is 
writes the conversion table 1102 in the authentica- 
tion area access control unit 326 and the conversion 
table 1103 In the non-authentication area 331 . 

[0181] As shown in FIGs. 19A to 19C, the boundary 20 
is moved from between the physical blocks EOOO and 
DFFF to between the physical blocks D000 and CFFF. 
That means the size of the non-authentication area 331 
is reduced by 1000(hex) blocks, and the size of the au- 
thentication area 332 is increased by 1 0OO(hex) blocks. 2s 
[0182] As shown in FIG. 19B, along with the above 
boundary change, the size of the conversion table 11 03 
of the non-authentication area 331 is reduced by 1000 
(hex) entries, and the size of the authentication area 332 
is increased by 1000{hex) entries, so that the conver- so 
sion table 1103 shows logical blocks 0000 to CFFF with 
corresponding physical blocks 0000 to CFFF. In con- 
trast, as shown in FIG. 19C, the size of the conversion 
table 1102 of the authentication area 332 is Increased 
by 1 0OO(hex) entries, and the size of the authentication 35 
area 332 is increased by 1000(hex) entries, so that the 
conversion table 1102 shows logical blocks 0000 to 
1 FFF with corresponding physical blocks EFFF to O000. 
[0183] As described above, a boundary is set be- 
tween the authentication area and the non-authentica- 40 
tion area in the flash memory 303, and the size of both 
areas is changed by moving the boundary. This enables 
the memory card 1 09 to be used for various purposes. 
For example, the memory card 1 09 may be mainiy used 
for storing digital contents which need to be protected 45 
by copyright, or the memory card 1 09 may be mainly 
used for other than storing such digital contents. 
[0184] In both the authentication area and the non- 
authentication area, the amount of processing in moving 
and saving data along with the boundary change can be so 
reduced by corresponding the logical blocks to the phys- 
ical blocks so that physical blocks are used in the order 
of remoteness starting at the most remote one. 
[0185] The above correspondence between the logi- 
cal and physical blocks is easily achieved when the con- ss 
version table 1 1 02 dedicated to the authentication area 
332 and the conversion table 1 1 03 dedicated to the non- 
authentication area 331 are separately provided. 



[01 86] In the above example, in the authentication ar- 
ea 332, there is an inverse relationship between the log- 
ical addresses and the physical addresses in units of 
blocks. However, other units may be used. For example, 
there may be an inverse relationship between the logical 
addresses and the physical addresses in units of sec- 
tors or bytes. 

[01 87] Up to this point, the memory card of the present 
invention has been described in its embodiment and 
variations. However, the present invention is not limited 
to the embodiment and variations. 
[0188] In the above embodiment, the PC 102 or the 
player 201 is required to perform a mutual authentica- 
tion with the memory card 1 09 using the same proce- 
dure each time it issues a command to access the au- 
thentication area 332 in the memory card 1 09. However, 
a simplified authentication procedure may be used to 
access the authentication area 332, depending on the 
command type. 

[0189] For example, when the write command "Se- 
cureWrite 11 Is issued, the encrypted master key 323b and 
the medium ID may not be obtained from the memory 
card 109, but the memory card 109 may execute the 
write command "SecureWrite" even when only a one- 
way authentication (an authentication of a device by the 
memory card 109) completes affirmatively. With this ar- 
rangement, commands which are little related to the 
copyright protection wilt be executed at high speed. 
[01 90] The flash memory 303 in the memory card 1 09 
of the present Invention may be replaced with another 
storage medium (e.g., a nonvolatile medium such as a 
hard disk, an optical disc, and a magnet optical disc). A 
portable storage card capable of securing a copyright 
on the stored data as the present invention can be 
achieved using any of such mediums. 
[01 91 ] The present invention has been fully described 
by way of examples with reference to the accompanying 
drawings, it is to be noted that various changes and 
modifications will be apparent to those skilled in the art. 
Therefore, unless such changes and modifications de- 
part from the scope of the present invention, they should 
be construed as being included therein. 



Claims 

1. A semiconductor memory card (109) that can be 
used/removed in/from an electronic device, com- 
prising: 

a rewritable nonvolatile memory (303); 
an address holding unit; and 
a control circuit, 

the nonvolatile memory (303) Including an au- 
thentication area (332) and a non-authentica- 
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tion area (331), 

the control circuit Including: 

an authentication unit (321) which per- s 
forms an authentication process to check 
whether the electronic device has authority 
to access the semiconductor memory card 
(109), and affirmatively authenticates the 
electronic device when the electronic de- to 
vice has authority to access the semicon- 
ductor memory card (1 09); 

a non-authentication area access control 
unit (326) which controls accesses to the is 
non-authentication area (331 ) based on an 
instruction by the electronic device; and 

an authentication area access control unit 
(325) which controls accesses to the au- so 
thentication area (332) based on an In- 
struction by the electronic device, wherein 

the authentication unit (321) performs the authenti- 
cation process prior to the control of accesses to ss 
the authentication area (332) by the authentication 
area access control unit (325), and 
the authentication area access control unit (325) 
does not control accesses to the authentication ar- 
ea (332) if the authentication unit (321 ) does not au- 30 
thenticate the electronic device affirmatively in the 
authentication process characterised by 
an address held by the address holding unit mark- 
ing a boundary between the authentication area 
(332) and the non-authentication area (331) In the 3s 
nonvolatile memory (303), 

an area resizing circuit (322, 325, 326) which resiz- 
es the authentication area (332) and the non-au- 
thentication area (331) by changing the boundary 
marking address based on a dedicated command *o 
issued from the electronic device if the authentica- 
tion unit (321) affirmatively authenticates the elec- 
tronic device; and in that 

the non-authentication area access control unit re- 
fers to the boundary marking address; and the au- *s 
thentication area access control unit refers to the 
boundary marking address. 

A semiconductor memory card of claim 1 , wherein 
the authentication unit (321) generates a key re- so 
fleeting a result of the authentication process, and 
the authentication area access control unit (325) 
decrypts an encrypted instruction using the key 
generated by the authentication unit (321 ), and con- 
trols accesses by the electronic device to the au- ss 
thentication area (332) in accordance with the de- 
crypted instruction, the encrypted instruction being 
sent from the electronic device. 



3. A semiconductor memory card of claim 2, wherein 
the authentication unit (321) performs a challenge- 
response type mutual authentication with the elec- 
tronic device, and generates the key from challenge 
data and response data, the challenge data being 
sent to the electronic device to check whether the 
electronic device has authority to access the semi- 
conductor memory card, and the response data be- 
ing generated to show the authentication unit (321) 
has authority to access the semiconductor memory 
card. 

4. A semiconductor memory card of claim 3, wherein 
the encrypted instruction sent from the electronic 
device includes a tag field and an address field, the 
tag field not having been encrypted and specifying 
a type of an access to the authentication area (332), 
the address field having been encrypted and spec- 
ifying an address of an area to be accessed, 
wherein the authentication area access control unit 
(325) decrypts the address field using the key, and 
controls accesses by the electronic device to the 
authentication area (332) so that an access of the 
type specified in the tag field is made to the area 
indicated by the address in the decrypted address 
field. 

5. A semiconductor memory card of claim 4 further 
comprising: 

an identification data storage circuit (304) 
which prestores identification data (341) which 
is unique to the semiconductor memory card 
and enables the semiconductor memory card 
to be discriminated from other semiconductor 
memory cards, wherein 

the authentication unit (321) performs a mutual 
authentication with the electronic device using 
the identification data (341) stored in the iden- 
tification data storage circuit (304) and gener- 
ates the key from the identification data (341). 

6. A semiconductor memory card of claim 1 , wherein 
the area resizing circuit (322, 325, 326) includes: 

an authentication area conversion table (1102) 
which shows correspondence between logical 
addresses and physical addresses In the au- 
thentication area (332), 

a non -authentication area conversion table 
(1103) which shows correspondence between 
logical addresses and physical addresses in 
the non-authentication area (331), and 

a conversion table change unit (322) which 
changes contents of the authentication area 
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conversion table (1102) and the non-authenti- 
cation area conversion table (1103) in accord- 
ance with an instruction from the electronic de- 
vice, wherein 

the authentication area access control unit (325) 
controls accesses by the electronic device to the 
authentication area (332) by referring to the authen- 
tication area conversion table (1102), and 
the non-authentication area access control unit 
(326) controls accesses by the electronic device to 
the non-authentication area (331 ) by referring to the 
non-authentication area conversion table (1103). 

7. A semiconductor memory card of claim 6, wherein 
an area addressed with higher physical addresses 
and an area addressed with tower physical ad- 
dresses both constituting the area having the pre- 
determined size are respectively allocated to the 
authentication area (332) and the non-authentica- 
tion area (331), 

the non-authentication area conversion table 
(1103) shows correspondence between logical ad- 
dresses arranged in ascending order and physical 
addresses arranged in ascending order, and 
the authentication area conversion table (1102) 
shows correspondence between logical addresses 
arranged in ascending order and physical address- 
es arranged In descending order. 

8. A semiconductor memory card of claim 1 further 
comprising a read-only memory circuit which 
prestores data. 

9. A semiconductor memory card of claim 1 , wherein 
the control circuit (302) further includes: 

a conversion table (1102, 1103) which shows 
correspondence between logical addresses 
and physical addresses in each of the authen- 
tication area (332) and the non-authentication 
area (331), and 

a conversion table change circuit (322) which 
changes contents of the conversion table in ac- 
cordance with an instruction from the electronic 
device, and 

the authentication area access control unit 
(325) and the non-authentication area access 
control unit (326) control accesses by the elec- 
tronic device to the authentication area (332) 
and the non-authentication area (331 ), respec- 
tively, by referring to the conversion table. 

10. A semiconductor memory card of claim 1, wherein 
the control circuit (302) further includes: 



38 

an encryption/decryption unit (327) which en- 
crypts data to be written to the authentication 
area (332) and the non-authentication area 

(331) and decrypts 

5 data read out from the authentication area 

(332) and the non-authentication area (331). 

11 . A semiconductor memory card of claim 1 , wherein 
the nonvolatile memory (303) is a flash memory, 

io and the control circuit (302) further includes: 

a not-deleted list holding unit (322) which holds 
a non-deleted list that shows a (ist of not-delet- 
ed areas In the authentication area (332) and 
is the non-authentication area (331), and 

a not-deieted area sending unit (322) which, In 
accordance with an instruction from the elec- 
tronic device, refers to the not-deleted list to 
20 identify not-deleted areas in the authentication 

area (332) and the non-authentication area 
(331), and sends Information indicating the 
identified not-deleted areas to the electronic 
device. 

25 

12. A semiconductor memory card of claim 1, wherein 
the authentication unit (321) requests a user of the 
electronic device to input a user key, which is infor- 
mation unique to the user, during the authentication 

30 process, and the control circuit (302) further in- 
cludes: 

a user key storage unit (1 31 1 ) which stores the 
user key, 

35 

an identification information storage unit (1 310) 
which stores a piece of identification informa- 
tion identifying an electronic device that has 
been affirmatively authenticated by the authen- 
40 tication unit (321), and 

a user key request prohibition unit (321) which 
obtains a piece of identification information 
from a target electronic device after the authen- 
45 tication unit (321) starts the authentication 

process, checks whether the piece of identifi- 
cation information obtained from the target 
electronic device has already been stored in the 
Identification information storage unit, and pro- 
so hlbits the authentication unit (321) from re- 

questing a user of the electronic device to input 
a user key when the piece of identification in- 
formation obtained from the target electronic 
device has already been stored in the identifi- 
55 cation information storage unit. 

13. A storage system containing a semiconductor 
memory card according to claim 1 and a data read- 
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ing apparatus (201) reading out a digital content 
(426) of the semiconductor memory card, the digital 
content having been stored in the non-authentica- 
tion area (331) of the semiconductor memory card, 
and information (812) indicating the number of s 
times the digital content can be read out being 
prestored in the authentication area (332), the data 
reading apparatus comprising: 

a judgement means (S804) for, when the digital 10 
content is to be read out from the non-authen- 
tication area (331), reading out the information 
indicating the number of times the digital con- 
tent can be read out from the authentication ar- 
ea (332), and judging whether the digital con- is 
tent can be read out based on the number of 
times indicated in the Information, and 

a reproduction means (S806-S808) for reading 
out the digital content from the non-authentlca- 20 
Won area (331) only when the Judgement means 
judges that the digital content can be read out, 
and reducing the number of times the digital 
content can be read out in the information 
stored in the authentication area (332). 23 

A storage system containing a semiconductor 
memory card according to claim 1 and a data read- 
ing apparatus (201) reading out a digital content 
(426) of the semiconductor memory card and repro- 30 
duclng the digital content as an analog signal the 
digital content, having been stored in the non-au- 
thentication area (331) of the semiconductor mem- 
ory card (109), and Information (913) indicating the 
number of times the digital content can be digitally 35 
output by the electronic device having been stored 
in the authentication area (332), the data reading 
apparatus comprising: 

a reproduction means (S908) for reading out 40 
the digital content from the non-authentication 
area (331 ) and reproducing the read-out digital 
content as an analog signal, 

a judgement means (S906) for reading out the 45 
information indicating the number of times the 
digital content can be digitally output by the 
electronic device, and judging whether the dig- 
ital content can be digitally output based on the 
number of times indicated in the information, 50 
and 

a digital output means (S907, S909) for digitally 
outputting the digital content only when the 
judgement means judges that the digital con- ss 
tent can be digitally output, and reducing the 
number of times the digital content can be dig- 
itally output in the information stored in the au- 



thentication area (332). 

15. A control method for use in a semiconductor mem- 
ory card (109) that can be used/removed in/from an 
electronic device, the semiconductor memory card 
(109) including a rewritable nonvolatile memory 
(303), an address holding unit, and a control circuit, 
the nonvolatile memory (303) including an authen- 
tication area (332) and a non-authentication area 
(331), 

the control method comprising: 

an authentication step which performs an au- 
thentication process to check whether the elec- 
tronic device has authority to access the semi- 
conductor memory card (1 09), and affirmatively 
authenticates the electronic device when the 
electronic device has authority to access the 
semiconductor memory card (109); 
a non-authentication area access control step 
which controls accesses to the non-authentica- 
tion area (331) based on an instruction by the 
electronic device; and 

an authentication area access control step 
which controls accesses to the authentication 
area (332) based on an Instruction by the elec- 
tronic device, wherein 

the authentication step performs the authentication 
process prior to the controlling of accesses to the 
authentication area (332) by the authentication area 
access control step, and 

the authentication area access control step does 
not control accesses to the authentication area 
(332) If the authentication step does not authenti- 
cate the electronic device affirmatively In the au- 
thenticating process 
characterised by 

an address held by the address holding unit mark- 
ing a boundary between the authentication area 
(332) and the non-authentication area (331) in the 
nonvolatile memory (303), 

an area resizing step which resizes the authentica- 
tion area (332) and the non-authentication area 
(331) by changing the boundary marking address 
based on a dedicated command issued from the 
electronic device if the authentication unit (321) af- 
firmatively authenticates the electronic device; and 
in that 

the non -authentication area access control step re- 
fers to the boundary marking address; and 
the authentication area access control step refers 
to the boundary marking address. 



PatentansprOche 

1. Halbleiter-Speicherkarte (109), die in eine elektro- 
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nische Vorrichtung eingesetzt und aus ihr entnom- 
men werden kann und die umfasst: 

einen wiederbeschreibbaren, nicht fluchtigen 
Speicher(303), * 

• eine Adress-Speichereinheit und 

eine Steuerschaitung (302), 

10 

der nicht f luchtige Speicher (303) enthait einen 
Authentisterungsbereich (332) und einen 
Nicht-Authentlsierungsbereich (331 ), 

der Steuerschaltkreis enthait: 

eine Authentisierungseinheit (321), die ei- 
nen Authentisierungsprozess durchfuhrt, 
um zu priif en, ob die elektronische Vorrich- 
tung berechtigt 1st, auf die Halbleiter-Spei- so 
cherkarte (109) zuzugreifen, und die elek- 
tronische Vorrichtung zustimmend authen- 
tislert, wenn die elektronische Vorrichtung 
berechtigt ist, auf die Halbleiterspelcher- 
karte (1 09) zuzugreifen, & 

eine Nicht-Authenttslerungsbereichs-Zu- 
griffssteuereinheit (326), die Zugriffe auf 
den Nicht-Authentlsierungsbereich (331) 
baslerend auf einer Anweisung von der 30 
elektronlschen Vorrichtung steuert, und 

eine Authentislerungsberelchs-Zugriffs- 
steuereinheit (325), die Zugriffe auf den 
Authentlsierungsbereich (332) baslerend 35 
auf einer Anweisung von der elektronl- 
schen Vorrichtung steuert, wobei 

die Authentisierungseinheit (321) den Authentisie- 
rungsprozess vor der Steuerung von Zugriffen auf *o 
den Authentlsierungsbereich (332) durch die Au- 
thentisierungsbereichs-Zugriffssteuereinheit (325) 
ausfuhrt und 

die Authentisierungsberelchs-Zugriffssteuereinheit 
(325) Zugriffe auf den Authentlsierungsbereich *s 
(332) nicht steuert, wenn die Authentisierungsein- 
heit (321 ) die elektronische Vorrichtung in dem Au- 
thentisierungsprozess nicht zustimmend authenti- 
siert, 

gekennzelchnet durch 

eine Adresse, die in der Adress-Spelcherelnheit ge- 
speichert 1st und eine Grenze zwischen dem Au- 
thentisierungsbereich (332) und dem Nicht-Authen- 
tisierungsbereich (331 ) in dem nichtf IGchtigen Spei- 
cher (303) markiert, 

eine BereichsgrdBenanderungsschaitung (322, 
325, 326), die den Authentisierungsbereich (332) 
und den Nicht-Authentisierungsbereich (331) 



durch Veranderung der die Grenze markierenden 
Adresse baslerend auf einer zugehdrigen Anwei- 
sung andert, die von derelektronischen Vorrichtung 
ausgegeben wird, wenn die Authentisierungsein- 
heit (321) die elektronische Vorrichtung zustim- 
mend authentisiert, unddadurch, dass 
die Nicht-Authentisierungsbereichs-Zugriffssteuer- 
einheit auf die die Grenze markierende Adresse Be- 
zug nimmt und 

die Authentisiewngsbereichs-Zugriffssteuereinheit 
auf die die Grenze markierende Adresse Bezug 
nimmt. 

2. Halbleiter-Spelcherkarte nach Anspruch 1 , wobei 
die Authentisierungseinheit (321) einen Schliissel 
erzeugt, der ein Ergebnis des Authentisierungspro- 
zesses reflektiert, und die Authentislerungsbe- 
retchszugriff-Steuereinheit (325) einen verschlus- 
selten Befehl unter Verwendung des Schlussels 
entschiusselt, der von der Authentisierungseinheit 
(321) erzeugt wird, und Zugriffe durch die elektro- 
nische Vorrichtung auf den Authentlsierungsbe- 
reich (332) entsprechend dem entschlttsselten Be- 
fehl steuert, wobei der verschlOsselte Befehl von 
der elektronlschen Vorrichtung gesendet wird. 

3. Halblelter-Speicherkarte nach Anspruch 2, wobei 
die Authentisierungseinheit (321) eine gegenseffl- 
ge Authentisierung mlt der elektronlschen Vorrich- 
tung vom Typ mit Authentisierungsabfrage und 
-antwort ausfuhrt und den Schlussel aus Abfrage- 
und Antwortdaten erzeugt, wobei die Abfragedaten 
zu der elektronlschen Vorrichtung gesendet wer- 
den, um zu prufen, ob die elektronische Vorrichtung 
berechtigt 1st, auf die Halbleiter-Speicherkarte zu- 
zugreifen, und die Antwortdaten erzeugt werden, 
um zu zeigen, dass die Authentisierungseinheit 
(321) berechtigt ist, auf die Halbleiter-Speicherkar- 
te zuzugreifen. 

4. Halbleiter-Speicherkarte nach Anspruch 3, wobei 
der verschlOsselte Befehl, der von der elektronl- 
schen Vorrichtung gesendet wird, ein Etikettenfeld 
und ein Adressfeld enthait, wobei das Etikettenfeld 
nicht verschiusselt worden ist und einen Typ eines 
Zugriffs auf den Authentisierungsbereich (332) an- 
gibt, wobei das Adressfeld verschiusselt worden ist 
und eine Adresse eines Bereiches, auf den zuzu- 
greifen ist, angibt, 

wobei die Authentislerungsbereichszugriff-Steuer- 
elnheit (325) das Adressfeld unter Verwendung des 
SchlQsseis verschiusselt und Zugriffe auf den Au- 
thentisierungsbereich (332) durch die elektronische 
Vorrichtung so steuert, 

dass ein Zugriff des Typs, der In dem Etikettenfeld 
angegeben 1st, auf den Bereich erfoigt, der durch 
die Adresse In dem verschlusselten Adressfeld an- 
gezeigt wird. 
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5. Halbleiter-Speicherkarte nach Anspruch 4, die des 
Weiteren umfasst: 

eine Kennungsdaten-Speicherschaltung (304), 
die Kennungsdaten (341 ) vorspeichert, die der 5 
Halbleiter-Speicherkarte eindeutig zugeordnet 
sind, und es ermogflchen, die Halbleiter-Spei- 
cherkarte von anderen Hafbleiter-Speicherkar- 
ten zu unterscheiden, wobei 

to 

die Authentisierungseinheit (321) eine gegen- 
seitige Authentisierung mit der elektronischen 
Vorrichtung unter Verwendung der Kennungs- 
daten (341) ausfQhrt, die In der Kennungsda- 
ten-Speicherschaltung (304) gespeichert sind, 15 
und den Schlussel aus den Kennungsdaten 
(341)erzeugt. 

6. Halbleiter-Speicherkarte nach Anspruch 1, wobei 
die BerelchsgrdBenanderungsschaltung (322, 325, 20 
326) enthdlt: 

eine Authentisierungsbereich-Umwandlungs- 
tabelle (1102), die Entsprechung zwischen lo- 
gischen Adressen und physikallschen Adres- 2s 
sen in dem Authentisierungsbereich (332) 
zeigt, 

eine Nlcht-Authentisierungsberelch-Umwand- 
lungstabelle (1103), die Entsprechung zwl- so 
schen loglschen Adressen und physikallschen 
Adressen in. dem Nicht-Authentisierungsbe- 
reich(331)zeigt, und 

eine Umwandlungstabellen-Anderungselnheit ss 
(322), die Inhalte der Authentislerungsbereich- 
Umwandlungstabelle{1102) und derNicht-Au- 
thentisierungsbereich-Umwandlungstabelle 
(1103) entsprechend einem Befehl von der 
elektronischen Vorrichtung andert, wobei 40 

die Authentisierungsbereichszugrlff-Steuereinheit 
(325) Zugriffe durch die elektronische Vorrichtung 
auf den Authentisierungsbereich (332) steuert, in- 
dem sie auf die Authentisierungsbereich-Urnwand- 45 
lungstabeile (1102) Bezug nimmt, und 
die Nicht-Authentisierungsbereichszugriff-Steuer- 
einheit (326) Zugriffe durch die elektronische Vor- 
richtung auf den Nicht-Authentisierungsbereich 
(331 ) steuert, Indem sie auf die Nlcht-Authentisie- so 
rungsbereich-Umwandlungstabelle (1103) Bezug 
nimmt. 

Halbleiter-Speicherkarte nach Anspruch 6, wobei 
ein Bereich, der mit hoheren physikallschen Adres- ss 
sen adressiert 1st, und ein Bereich, der mit niedri- 
geren physikalischen Adressen adressiert ist, die 
beide den Bereich mit der vorgegebenen GroBe bil- 



den, dem Authentisierungsbereich (332) bzw. dem 
Nicht-Authentisierungsbereich (331) zugeordnet 
werden, 

die Nicht-Authentisierungsbereich-Umwandlungs- 
tabelfe (1103) Entsprechung zwischen logischen 
Adressen, die in aufsteigender Reihenfolge ange- 
ordnet sind, und 

die Authentisierungsbereich-Umwandlungstabelle 
(1102) Entsprechung zwischen logischen Adres- 
sen, die in aufsteigender Reihenfolge angeordnet 
sind, und physikalischen Adressen, die in abstei- 
gender Reihenfolge angeordnet sind, zeigt. 

8. Halbleiter-Speicherkarte nach Anspruch 1 , die des 
Weiteren eine Festwertspelcherschaltung umfasst, 
die Daten vorspeichert. 

9. Halbleiter-Speicherkarte nach Anspruch 1, wobei 
die Steuerschaltung (302) des Weiteren enthalt: 

eine Umwandlungstabelle (1102, 1103), die 
Entsprechung zwischen logischen Adressen 
und physikalischen Adressen in dem Authenti- 
sierungsbereich (332) und dem Nicht-Authen- 
tisierungsbereich (331) zeigt, und 

eine Umwandlungstabellen-Anderungseinheit 
(322), die Inhalte der Umwandlungstabelle ent- 
sprechend einem Befehl von der elektroni- 
schen Vorrichtung andert, und 

wobei die Authentisierungsbereichszugriff-Steuer- 
einhelt (325) und die Nicht-Authentisierungsbe- 
reichszugriff-Steuereinheit (326) Zugriffe durch die 
elektronische Vorrichtung auf den Authentisie- 
rungsbereich (332) bzw. den Nicht-Authentisie- 
rungsbereich (331) steuern, indem sie auf die Um- 
wandlungstabelle Bezug nehmen. 

10. Halbleiter-Speicherkarte nach Anspruch 1, wobei 
die Steuerschaitung (302) des Weiteren enthalt: 

eineVerschlQsselungs-/Entschlusselungs-Ein- 
heit (327), die Daten verschlOsselt, die in den 
Authentisierungsbereich ^(332) und den Nicht- 
Authentisierungsbereich (331) zu schreiben 
sind, und Daten entschltisselt, die aus dem Au- 
thentisierungsbereich (332) und dem Nicht-Au- 
thentisierungsbereich (331) ausgelesen wer- 
den. 

11. Halbleiter-Speicherkarte nach Anspruch 1, wobei 
der nichtflttchtlge Speicher (303) ein Flash-Spei- 
cher ist, und die Steuerschaltung (302) des Weite- 
ren enthalt: 

eine Nicht-Geldscht-Listen-Aufnahmeeinheit 
(322), die eine Nicht-Get6scht-Liste aufnimmt, 
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die eine Liste nicht geldschter Bereicho in dem 
Authentislerungsbereich (332) und dem Nicht- 
Authentisierungsbereichsbereich (331) zeigt, 
und 

eine Nicht-Geidscht-Berelch-Sendeeinheit 
(322), die entsprechend einem Befehl von der 
elektronischen Vorrichtung auf die Nicht-Ge- 
toscht-Liste Bezug nimmt, um nicht getdschte 
Bereiche in dem Authentislerungsbereich (332) 
und dem Nicht-Authentisierungsbereich (331) 
zu identifizieren, und Informationen, die die 
identifizierten, nicht geldschten Bereiche an- 
zelgen, zu der elektronischen Vorrichtung sen- 
det. 

12. Halbteiter-Speicherkarte nach Anspruch 1, wobei 
die Authentislerungseinheit (321) einen Benutzer 
der elektronischen Vorrichtung wahrend des Au- 
thentislerungsprozesses auffordert, einen Benut- 
zerschlussel einzugeben, bel dem es sich um eine 
Information handelt, die dem Benutzer eindeutlg 
zugeordnet ist, und die Steuerschaltung (302) des 
Weiteren enthalt: 

eine BenutzerschlOssel-Speichereinheit 
(1311), die den BenutzerschlQssel speichert, 

eine Kennungsinformations-Speichereinheit 
(1310), die eine elnzelne Kennungsinformation 
speichert, die eine elektronische Vorrichtung 
identifiziert, die von der Authentislerungsein- 
heit (321) zustimmend authentislert worden 1st, 
und 

etneBenutzerschtusselaufforderungs-Verbots- 
einheit (321), die eine einzelne Kennungsinfor- 
mation von einer elektronischen Zietvorrich- 
tung bezieht, nachdem die Authentisierungs- 
einheit (321 ) mit dem Authentisierungsprozess 
begonnen hat, pruft, ob die von der elektroni- 
schen Zielvorrichtung bezogene einzelne Ken- 
nungsinformation bereits in der Kennungsinfor- 
mations-Speichereinheit gespeichert worden 
ist, und der Authentisierungseinheit (321) ver- 
bietet, einen Benutzer der elektronischen Vor- 
richtung zur Eingabe eines Benutzerschlussels 
aufzufordern, wenn die von der elektronischen 
Zielvorrichtung bezogene einzelne Kennungs- 
information bereits in der Kennungsinformati- 
ons-Speichereinheit gespeichert worden ist. 

13. Speichersystem, das eine Halbteiter-Speicherkarte 
nach Anspruch 1 so wie eine Datenlesevorrichtung 
(201) enthalt, die einen digitaten Inhalt (426) aus 
der Halbleiter-Speicherkarte ausllest, wobel der dl- 
gitale Inhalt in dem Nicht-Authentisierungsbereich 
(331) der Halbleiter-Speicherkarte gespeichert 
worden ist, und Information (812), die anzeigt, wie 



oft der digitate Inhalt ausgelesen warden kann, und 
die in dem Authentislerungsbereich (332) vorge- 
speichert ist, ausgelesen werden kann, wobei die 
Datenlesevorrichtung umfasst: 

5 

eine Entscheidungseinrichtung (S804), die, 
wenn der digitate Inhalt aus dem Nicht-Authen- 
tisierungsbereich (331) auszulesen ist, die In- 
formation, die anzeigt, wie oft der digitate Inhalt 
w ausgelesen werden kann, aus dem Authenti- 

slerungsbereich (332) ausliest und auf der 
Grundlage der H£uf igkeit, die in der Information 
angezeigtist, entscheidet, ob derdigitale Inhatt 
ausgelesen werden kann, und 

15 

eine Wiedergabeeinrichtung (S806-S808), die 
den digitaten Inhalt aus dem Nicht-Authentisie- 
rungsbereich (331) nurdann ausliest, wenn die 
Entscheidungseinrichtung entscheidet, dass 
20 der digitate Inhalt ausgelesen werden kann, 

und die Haufigkeit, mit der der digitate Inhatt 
ausgelesen werden kann, In der in dem Au- 
thentislerungsbereich (332) gespelcherten In- 
formation verrlngert 

25 

14. Speichersystem, das eine Halbleiter-Speicherkarte 
nach Anspruch 1 und eine Lesevorrichtung (201) 
enthalt, die einen digitaten Inhatt (426) der Halblei- 
ter-Speicherkarte ausliest und den digitaten Inhalt 

30 ats ein analoges Signal wiederglbt, wobei der digi- 
tate Inhatt in dem Nicht-Authentisierungsbereich 
(331) der Halbleiter-Speicherkarte (109) gespei- 
chert worden ist, und Information (91 3), die anzeigt, 
wie oft der digitate Inhalt von der eiektronischen 

35 Vorrichtung digital auagegeben werden kann, in 
dem Authentisierungsbereich (332) gespeichert 
worden ist, wobei die Datenlesevorrichtung um- 
fasst: 

40 eine Wiedergabeeinrichtung (S908), die den di- 

gitaten Inhalt aus dem Nicht-Authentisierungs- 
bereich (331) ausliest und den ausgelesenen 
digitalen Inhalt als ein analoges Signal wieder- 
gibt, 

45 

eine Entscheidungseinrichtung (S906), die die 
Information, die anzeigt, wie oft der digitate In- 
halt von der elektronischen Vorrichtung digital 
ausgegeben werden kann, ausliest und auf der 
so Grundlage der Haufigkeit, die In der I nformation 

angezeigtist, entscheidet, ob derdigitale Inhalt 
digital ausgegeben werden kann, und 

eine Digitaiausgabeetnrichtung (S907, S909), 
55 die den digitalen Inhalt nur dann digital ausgibt, 

wenn die Entscheidungseinrichtung entschei- 
det, dass der digitate Inhalt digital ausgegeben 
werden kann, und die Haufigkeit, mit der der 
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digitals Inhalt digital ausgegeben werden kann, 
in der in dem Authentisierungsbereich (332) 
gespeicherten Information verringert. 

15. Steuerverfahren zur Verwendung in einer Halblei- s 
ter-Speicherkarte (109), die in eine elektronische 
Vorrichtung eingesetzt und aus ihr entnommen wer- 
den kann, wobei die Halbleiter-Speicherkarte (109) 
einen wiederbeschreibbaren, nicht f tuchtigen Spei- 
cher (303), eine Adress-Speichereinheit und eine 10 
Steuerschaltung enthalt, 

der nicht fluchtige Speicher (303) einen Authenti- 
sierungsbereich (332) und einen Nicht-Authentisie- 
rungsberelch (331 ) enthaJt, 

das Steuerverfahren umfasst: 15 

einen Authentlsierungsschritt, der einen Au- 
thentisierungsprozess ausfiihrt, um zu priifen, 
ob die elektronische Vorrichtung berechtigt Ist, 
auf die Halbleiter-Speicherkarte (109) zuzu- 20 
greifen, und die elektronische Vorrichtung zu- 
stimmend authentisiert, wenn die eiektronische 
Vorrichtung berechtigt ist, auf die Halbleiter- 
Speicherkarte (109) zuzugrelfen, 

25 

einen Nlcht-Authentlslerungsbereich-Zugriffs- 
steuerschrltt, der Zugriffe auf den Nicht-Au- 
thentislerungsbereich (331) basierend auf ei- 
ner Anweisung von der elektronisch en Vorrich- 
tung steuert, und 30 

einen Authentlsierungsbereich-Zugriffssteuer- 
schritt, der Zugriffe auf den Authentisierungs- 
bereich (332) basierend auf einer Anweisung 
von der elektronischen Vorrichtung steuert, 3s 

wobei der Authentisierungsschritt den Authentisie- 
rungsprozess vor der Steuerung von Zugriffen auf 
den Authentisierungsbereich (332) durch den Au- 
thentisierungsbereich-Zugriffssteuerschritt durch- 40 
fOhrt und 

der Authentisierungsbereich-Zugriffssteuerschritt 
Zugriffe auf den Authentisierungsbereich (332) 
nicht steuert, wenn der Authentisierungsschritt die 
elektronische Vorrichtung in dem Authentisierungs- *s 
prozess nicht zustimmend authentisiert, 
gekennzeichnet durch 

eine Adresse, die in der Adress-Speichereinheit ge- 
speichert ist und eine Grenze zwischen dem Au- 
thentisierungsbereich (332) und dem Nicht-Authen- so 
tisierungsbereich (331 ) in dem nichtfliichtigen Spei- 
cher (303) markiert, 

einen BereichsgroBenanderungsschritt, der den 
Authentisierungsbereich (332) und den Nicht-Au- 
thentisierungsbereich (331) durch Anderung der ss 
die Grenze markierenden Adresse basierend auf ei- 
ner zugehdrigen Anweisung von der elektronischen 
Vorrichtung andert, wenn die Authentlslerungsein- 



heit (321) die elektronische Vorrichtung zustim- 
mend authentisiert, und dadurch, dass 
der Nicht-Authentlsierungsbereich-Zugriffssteuer- 
schritt auf die die Grenze markierende Adresse Be- 
zug nimmt und 

der Authentisierungsbereich-Zugriffssteuerschritt 
auf die die Grenze markierende Adresse Bezug 
nimmt. 



Revendfcations 

1. Carte memoire a semi-conducteur (109) qui peut 
etre utilisee dans/retiree d'un dlspositif electroni- 
que, comprenant : 

une memoire volatile reinscriptible (303) ; 

une unite de tenue d'adresses ; et 

un circuit de commande, 

la memoire non volatile (303) comprenant une 

zone d'authentification (332) et une zone de 

non-authentification (331), 

!e circuit de commande comprenant : 

une unite d'authentification (321) qui exe- 
cute un processus d'authentification desti- 
ne a verifier si le dlspositif electronique dis- 
pose ou non de I'autorite pour acceder a la 
carte memoire a semi-conducteur (1 09), et 
authentifie de maniere positive le dlspositif 
electronique si le dlspositif electronique 
dispose de I'autorite pour acceder a la car- 
te memoire a semi-conducteur (109) ; 
une unite (326) de commande d'acces a la 
zone de non-authentification (331) qui 
commande les acces a la zone de non- 
authentification (331 ) en se basant sur une 
instruction delivree par le dispositif 
electronique ; et 

une unite (325) de commande d'acces a (a 
zone d'authentification (332) qui comman- 
de les acces a la zone d'authentification 
(332) en se basant sur une instruction de- 
livree par le dispositif electronique, 

dans laquelle 

{'unite d'authentification (321 ) execute le processus 
d'authentification avant la commande des acces a 
ia zone d'authentification (332) par I'unite (325) de 
commande d'acces a la zone d'authentification, et 
I'unite (325) de commande d'acces a la zone 
d'authentification ne commande pas les acces a la 
zone d'authentification (332) si I'unite d'authentifi- 
cation (321) n'authentifie pas le dispositif electroni- 
que de maniere positive dans le processus 
d'authentification, 
caracterisee par 

une adresse tenue par I'unite de tenue d'adresses 
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marquant une Hmite entre la zone d'authentification 
(322) et la zone de non-authentification (331) dans 
la memoire non volatile (303), 
un circuit de redimensionnement de zone (322, 
325, 326) qui redimensionne la zone d'authentif ica- s 
tion (332) et la zone de non-authentification (331 ) 
en modifiant i'adresse de marquage de limite en se 
basant sur une commande dediee delivree par le 
dispositif electronique si I'unite ^identification (321 ) 
authentifie de maniere positive le dispositif 10 
electron ique ; 
et en ce que 

I'unite de commande d'acces a la zone de non- 
authentification se refers a I'adresse de marquage 
de Hmite ; et I'unite de commande d'acces a la zone « 
d'authentification se refere a I'adresse de marqua- 
ge de limite. 

2. Carte memoire a seml-conducteur selon la reven- 
dication 1 , dans laquelle I'unite d'authentification so 
(321) genere une cle refletant un resultat du pro- 
cessus d'authentification et I'unit6 (325) de com- 
mande d'acces a la zone d'authentification decrypte 
une instruction cryptee au moyen de la cle generee 
par I'unite d'authentification (321 ), et commande au ss 
moyen du dispositif etectronique les acces a la zone 
d'authentification (332) en conformite avec 1'instruc- 
tion decryptee, I'instruction cryptee etant adressee 
par ie dispositif electronique. 

30 

3. Carte memoire a seml-conducteur selon la reven- 
dicatlon 2, dans laquelle I'unite d'authentification 
(321) execute une authentication mutuelle detype 
demande d'acces/reponse, au moyen du dispositif 
electronique et genere la cle a partlr des donnees 35 
de demande d'acces et des donnees de reponse, 

les donnees de demande d'acces etant adressees 
par le dispositif electronique pour verifier si le dis- 
positif electronique dispose ou non de I'autorite 
pour acceder a la carte memoire a semt-conduc- 
teur, et les donnees de reponse etant generees af in 
de montrer que I'unite d'authentification (321) dis- 
pose de I'autorite pour acceder a la carte memoire 
a semi-conducteur. 

45 

4. Carte memoire a semi-conducteur selon la reven- 
dication 3, dans laquelle I'instruction cryptee adres- 
see par te dispositif electronique comprend un 
champ d'etiquette et un champ d'adresse, ie champ 
d'etiquette n'ayant pas ete crypte et specifiant un so 
type d'acces a la zone d'authentification (332), le 
champ d'adresse ayant ete crypte et specifiant une 
adresse d'une zone a laquelle il est necessaire d'ac- 
ceder, 

dans laquelle I'unite (325) de commande d'acces a ss 
la zone d'authentification decrypte ie champ 
d'adresse au moyen de la cle, et commande par le 
dispositif electronique les acces a ia zone d'authen- 



tification (332) de maniere a ce qu'un acces du type 
specifie dans te champ d'etiquette soit realise vers 
la zone indiquee par I'adresse dans te champ 
d'adresse decrypte. 

5. Carte memoire a semi-conducteur selon la reven- 
dication 4, comprenant en outre : 

un circuit (304) de memorisation de donnees 
d'identification qui pre-memorise les donnees 
^identification (341), qui sont particuiieres a ia 
carte memoire a semi-conducteur et permet- 
tent a la carte memoire a seml-conducteur 
d'etre discrlmlnee des autres cartes memoire a 
semi-conducteur, dans iequel 
I'unite d'authentification (321) execute une 
authentification mutuelle par le dispositif elec- 
tronique au moyen des donnees d'identification 
(341) memorisees dans le circuit (304) de me- 
morisation de donnees d'identification et gene- 
re la cle a partir des donnees d'identification 
(341). 

6. Carte memoire a semi-conducteur selon la reven- 
dication 1 , dans laquelle le circuit de redimension- 
nement de zone (322, 325, 326) comprend : 

un tableau (1102) de conversion de zone 
d'authentification qui presente une correspon- 
dence entre les adresses logiques et les adres- 
ses physiques dans la zone d'authentification 
(332), 

un tableau (1103) de conversion de zone de 
non-authentification qui presente une corres- 
pondence entre les adresses logiques et les 
adresses physiques dans la zone de non- 
authentification (331), et 
une unite (322) de modification de tableau de 
conversion qui modifie les contenus du tableau 

(1 1 02) de conversion de zone d'authentification 
et du tableau (11 03) de conversion de zone de 
non-authentification en conformite avec une 
instruction delivree par le dispositif electroni- 
que, dans Iequel 

I'unite (325) de commande d'acces a ia zone 
d'authentification commande par le dispositif 
electronique les acces a la zone d'authentifica- 
tion (332) en se referant au tableau (1102) de 
conversion de zone d'authentification, et 
I'unite (326) de commande d'acces a la zone 
de non-authentification commande par ie dis- 
positif electronique les acces a la zone de non- 
authentification (332) en se referent au tableau 

(1103) de conversion de zone de non-authen- 
tification. 

7. Carte memoire a seml-conducteur selon la reven- 
dication 6, dans laquelle une zone adressee avec 
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des adresses physiques superieures et une zone 
adressee avec des adresses physiques infeneures, 
constituant a elles deux la zone ayant la taille 
predetermine , sont respectivement affectees a fa 
zone d'authentification (332) et a la zone de non- s 
authentication (331 ), 

le tableau (1103) de conversion de zone de non- 
authentification presents la correspondence entre 
les adresses logiques disposers dans I'ordre as- 
cendant et les adresses physiques disposees dans 10 
I'ordre ascendant, et 

le tableau (1102) de conversion de zone d'authen- 
tification presente ia correspondence entre ies 
adresses logiques disposers dans i'ordre ascen- 
dant et ies adresses physiques disposees dans Tor- is 
dre descendant. 

8. Carte memoirs a semi-conducteur selon ia reven- 
dication 1, comprenant en outre un circuit de me- 
moire morte qui pre-memorise les donnees. 20 

9. Carte nrtemoire a semi-conducteur selon la reven- 
dication 1 , dans laquelle le circuit de commando 
(302) comprend en outre : 



25 

un tableau de conversion (1102, 1103) qui pre- 
sente une correspondence entre ies adresses 
logiques et les adresses physiques dans cha- 
cune de la zone d'authentification (332) et de 
la zone de non-authentification (331), et so 
un circuit (322) de modification de tableau de 
conversion qui modif ie ies contenus du tableau 
de conversion en conformity avec une instruc- 
tion delivree par le dispositif electronique, et 
I'unite (325) de commands d'acces a la zone 35 
d'authentification et i'unite (326) de commando 
d'acces a ia zone de non-authentification com- 
mandent par ie dispositif electronique les acces 
respectifs a la zone d'authentification (332) et 
a la zone de non-authentification (331) en se *o 
referant au tableau de conversion. 

10. Carte memoire a semi-conducteur selon la reven- 
dication 1, dans iaquelfe le circuit de commande 

(302) comprend en outre : 45 

une unite de cryptage/decryptage (327) qui 
crypte ies donnees a 6crire dans la zone 
d'authentification (332) et la zone de non- 
authentification (331 ) et decrypte lues dans zo- so 
ne d'authentification (332) et la zone de non- 
authentification (331). 

11. Carte memoire a semi-conducteur selon ia reven- 
dication 1, dans laquelle la memoire non volatile ss 

(303) est une memoire flash, et le circuit de com- 
mande (302) comprend en outre : 



une unite (322) de tenue de iiste de non-effa- 
cement qui tient une Iiste de non-effacement 
qui presente une iiste des zones non effacees 
dans la zone d'authentification (332) et la zone 
de non-authentification (331 ), et 
une unite (322) de transmission de zone non 
effacee qui, en conformite avec une instruction 
delivree par le dispositif electronique, se refere 
a ia iiste de non-effacement pour identifier les 
zones non effacees dans la zone d'authentifi- 
cation (332) et ia zone de non-authentification 
(331 ), et adresse au dispositif electronique une 
information indiquant les zones non effacees 
identifies. 

12. Carte nrtemoire a semi-conducteur selon la reven- 
dlcation 1, dans laquelle I'unite d'authentification 
(321) exige d'un utilisateur du dispositif electroni- 
que qu'il entre une cle d'utillsateur, qui est une in- 
formation particullere a I'utHisateur, pendant le pro- 
cessus d'authentification, et le circuit de commande 
(302) comprend en outre : 

une unite (131 1 ) de memorisation de cles d'uti- 
llsateur qui memorise la eld d'utillsateur, 
une unite (1310) de memorisation d'informa- 
tions ^identification qui memorise un element 
de I'information ^identification Identifiant un 
dispositif electronique qui a ete authentifie de 
maniere positive par I'unite d'authentification 
(321), et 

une unite (321) d'interdiction de demande de 
cle d'utillsateur qui obtient un etement d'infor- 
mation d'identiflcation d'un dispositif electroni- 
que desite apres que I'unite d'authentification 
(321) ait lanc$ le processus d'authentification, 
venfie si I'eiement d'information ^identification 
obtenu du dispositif electronique desite a deja 
ete memorisd ou non dans I'unite de memori- 
sation d'information d'identification, et interdit a 
I'unite d'authentification (321) de demander a 
un utilisateur du dispositif electronique qu'il en- 
tre une cle d'utilisateur si I'eiement d'informa- 
tion d'identification obtenue du dispositif elec- 
tronique desite a deja 6te memorise dans I'uni- 
te de memorisation d'information d'identifica- 
tion. 

13. Systeme de memorisation contenant une carte me- 
moire a semi-conducteur selon la revendication 1 
et un appareil (201 ) de lecture de donnees lisant un 
contenu numerique (426) de la carte memoire a 
semi-conducteur, le contenu numerique ayant 6X6 
memorise dans la zone de non-authentification 
(331 ) de la carte memoire a semi-conducteur et I'in- 
formation (812) indiquant le nombre de fois que le 
contenu numerique peut etre lu etant pte-memorise 
dans la zone d'authentification (332). i'appareil de 
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lecture de donnees comprenant : 

un moyen de jugement (S804) destine, quand 
le contenu numerique doit etre lu dans ta zone 
de non-authentification (331), a lire I'informa- s 
tion indiquant le nombre de fois que le contenu 
numerique peut etre lu dans la zone d'authen- 
tification (332), et a juger si le contenu numeri- 
que peut ou non etre lu en se basant sur le nom- 
bre de fois indique dans ('information, et io 
un moyen de reproduction (SB06-S808) desti- 
ne a ne tire le contenu numerique dans la zone 
de non-authentification (331) que si le moyen 
de jugement juge que le contenu numerique 
peut etre lu, et a reduire ie nombre de fois que 
le contenu numerique peut etre lu dans ('infor- 
mation memorisee dans la zone d'authentif Ica- 
tion (332). 

1 4. Systeme de memorisation contenant une carte me- 20 
moire a semi-conducteur selon la revendication 1 

et un appareil (201 ) de lecture de donnees Hsant un 
contenu numerique (426) de la carte memo ire a 
semi-conducteur et reproduisant le contenu nume- 
rique sous la forme d'un signal analogique, le con- 2s 
tenu numerique ayant ete memorise dans la zone 
de non-authentification (331 ) de la carte memolre a 
semi-conducteur (109), et I'informatfon (913) Indi- 
quant ie nombre de fois que le contenu numerique 
peut etre delivre numeriquement par le disposltif 30 
Electronique ayant ete memorise dans la zone 
d'authentification (332), t'appareil de lecture de 
donnees comprenant : 

un moyen de reproduction (S908) destinE a lire 35 
le contenu numerique dans ta zone de non- 
authentification (331 ) et a reproduire ie contenu 
numerique lu sous la forme d'un signal analo- 
gique, 

un moyen de jugement (S908) destinE a lire ie *o 
nombre de fois que le contenu numerique peut 
etre delivre numeriquement par le dispositif 
Electronique, et a juger si le contenu numerique 
peut ou non etre dElivrE numeriquement en se 
basant sur te nombre de fois indique dans I'in- 45 
formation, et 

un moyen (S907, S909) de delivrance numeri- 
que destine a ne delivrer numeriquement ie 
contenu numerique que si ie moyen de juge- 
ment juge que le contenu numerique peut etre so 
delivre numeriquement, et a reduire te nombre 
de fois que le contenu numerique peut etre de- 
livre numeriquement dans Pinformatlon memo- 
risee dans ia zone d'authentification (332). 

55 

15. Precede de cornmande destine a etre utilise dans 
une carte memolre a semi-conducteur (109), qui 
peut Etre utilisee dans/retiree d'un dispositif electro- 



nique, la carte memoire a semi-conducteur (109) 
comprenant une memoire volatile reinscriptibie 
(303), une unite de tenue d'adresses et un circuit 
de cornmande, 

ia memoire non volatile (303) comprenant une zone 
d'authentification (332) et une zone de non-authen- 
tification (331), 

le precede de cornmande comprenant : 

une Etape d'authentification qui execute un pro- 
cessus d'authentification destine a verifier si le 
dispositif electronique dispose ou non de I'auto- 
rite pour acceder a la carte memoire a semi- 
conducteur (109), et authentifie de maniere po- 
sitive le dispositif electronique si le dispositif 
electronique dispose de i'autorite pour acceder 
a la carte memoire a semi-conducteur (1 09) ; 
une etape de cornmande d'acces a ia zone de 
non-authentification qui commando les acces 
a la zone de non-authentification (331 ) en se 
basant sur une instruction dellvree par le dis- 
positif electronique, et 

une Etape de cornmande d'acces a la zone 
d'authentification qui cornmande ies acces a la 
zone d'authentification (332) en se basant sur 
une Instruction delivree parte dispositif electro- 
nique, 

dans iaquelle 

I'etape d'authentification execute le processus 
d'authentification avant la cornmande des acces a 
la zone d'authentification (332) par I'etape de com- 
mando d'acces a la zone d'authentification, et 
i'etape de commando d'acces a la zone d'authenti- 
fication ne cornmande pas les acces a la zone 
d'authentification (332) si I'etape d'authentification 

(321) n'authentifle pas te dispositif electronique de 
maniere positive dans te processus d'authentifica- 
tion, 

caracterlsee par 

une adresse tenue par I'unite de tenue d'adresses 
marquant une limite entre la zone d'authentification 

(322) et la zone de non-authentification (331) dans 
ta memoire non volatile (303), 

une etape de redimensionnement de zone qui redi- 
mensionne la zone d'authentification (322) et la zo- 
ne de non-authentification (331) en rnodifiant 
i'adresse de marquage de limite en se basant sur 
une cornmande dedlee dellvree par le dispositif 
electronique si I'unite d' identification (321) authen- 
tifie de maniere positive le dispositif Electronique ; 
et en ce que 

I'etape de cornmande d'acces a la zone de non- 
authentification se refere a i'adresse de marquage 
de limite ; et i'etape de cornmande d'acces a la zone 
d'authentification se refere a I'adresse de marqua- 
ge de limite. 
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FIG. 18A 
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FIG. 19A 
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